Dear Aaron, Exim does not provide a separate sendmail binary which is capable of setuid. But exim binary it self is setuid capable. I have no idea how to adapt it to this as a solution (and it is more like an Exim question now).
Further, I have seen while googling that in some instances, users have created a symlink /usr/sbin/sendmail, linking exim binary. :-\ The chapter http://www.exim.org/exim-html-current/doc/html/spec_html/ch52.html extensively discusses setuid amongst other security hardening concerns. Yet I could make nothing out of it for this situation. Thanks and regards, Lasantha. *-------- Original Message --------* *Subject: * [Dbmail] Re: What should be the EFFECTIVE_USER and it's privileges ? *Date: * Tue, 29/May/2007 12:19:32 PM +0550 *From: * Aaron Stone <[EMAIL PROTECTED]> *To: * DBMail mailinglist <[email protected]> > Perhaps there's a setuid root binary at /usr/bin/sendmail > or /usr/lib/sendmail that belongs to exim? > > On Tue, 2007-05-29 at 11:57 +0530, Lasantha Marian wrote: > >> Dear Aaron, >> >> I have tried several options. >> >> On your lead, tried using Exim's trusted_users and trusted_groups to >> include dbmail/dbmail as user and group combination. Then DBMail >> started reporting an error in dbmail.err log indicating the following, >> giving the old result of not delivering the messages. >> >> 2007-05-29 10:10:40 Failed to create spool >> file /var/spool/Exim/outgoing/input/1HstVg-0001wn-5P-D: Permission >> denied >> >> This does not look like an error generated by DBMail, possibly >> generated by Exim but logged by DBMail. >> >> Then I've changed to "EFFECTIVE_GROUP = exim" while having >> "EFFECTIVE_USER = dbmail", still reported the same error. Then I've >> changed the group privileges of the spool directories as chmod g >> +rws /var/spool/Exim/outgoing/{input,msglog}, which made the >> deliveries to dbmail-lmtpd successful. :-) >> >> I am yet not fully satisfied, there are other Exim compilation options >> (EXIMDB_DIRECTORY_MODE, EXIMDB_MODE, INPUT_DIRECTORY_MODE, >> SPOOL_DIRECTORY_MODE, SPOOL_MODE) which I should try. Though I do not >> plan immediately, when I try these options, will keep you updated. >> However, for the time being, I will be using exim/exim user and group >> combination. >> >> Thanks for all the help offered. >> >> Kind regards, >> >> Lasantha. >> >> >> -------- Original Message -------- >> Subject: >> [Dbmail] Re: What should be the >> EFFECTIVE_USER and it's >> privileges ? >> Date: >> Tue, 29/May/2007 8:31:44 AM +0550 >> From: >> Lasantha Marian <[EMAIL PROTECTED]> >> To: >> DBMail mailinglist >> <[email protected]> >> >> >>> Dear Aaron, >>> >>> Yes I do agree with you on separate users for Exim and DBMail. I >>> will work on it and come back to you. >>> >>> Lasantha. >>> >>> -------- Original Message -------- >>> Subject: >>> [Dbmail] Re: What should be the >>> EFFECTIVE_USER and it's >>> privileges ? >>> Date: >>> Mon, 28/May/2007 9:47:46 PM +0550 >>> From: >>> Aaron Stone <[EMAIL PROTECTED]> >>> To: >>> DBMail mailinglist >>> <[email protected]> >>> >>> >>>> On Mon, 2007-05-28 at 16:58 +0530, Lasantha Marian wrote: >>>> >>>> >>>>> /usr/local/Exim/bin/exim -C /usr/local/Exim/etc/exim-queue.conf >>>>> >>>>> >>>> I thought about this some more, and I don't think this is correct. >>>> Doesn't exim have a sendmail emulator? This chapter looks relevant: >>>> >>>> http://exim.org/exim-html-current/doc/html/spec_html/ch05.html >>>> >>>> If you don't mind playing with your configuration a little bit more, I >>>> think it will be preferable to have DBMail and Exim running as separate >>>> users. >>>> >>>> Aaron >>>> >>>> _______________________________________________ >>>> DBmail mailing list >>>> [email protected] >>>> https://mailman.fastxs.nl/mailman/listinfo/dbmail >>>> >>>> >>>> >> _______________________________________________ >> DBmail mailing list >> [email protected] >> https://mailman.fastxs.nl/mailman/listinfo/dbmail >> > > _______________________________________________ > DBmail mailing list > [email protected] > https://mailman.fastxs.nl/mailman/listinfo/dbmail > >
_______________________________________________ DBmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
