On Tue, 13 Sep 2005, Bryan Henderson wrote: > Does it have to be setuid anything?
Possibly not. > The SMTP server can just run as real 'exim' (no setuid), right? If by "SMTP server" you mean the Exim daemon, then maybe. The issue is that root privilege is needed in order to start listening on a privileged port. Once this is set up, the conventional setuid=root Exim daemon obeys setuid(exim) in order to run as 'exim' from then on. So I suppose you could have no setuid on the code, and always start it as root. However, if you then change the configuration, you will have to kill it and restart it (as root) rather than just sending a HUP signal. The next problem is that, when it has received a message, the daemon normally re-execs itself in order to regain root privilege for the delivery. You'll have to live without this - all routers will have to be able to access whatever they need as 'exim', and all transports will have to run as 'exim'. > The piped-to transport program would be setuid so that it can make > local deliveries. It can also handle forwarding, or .forward files > can simply be world readable. Sounds like the pipe-to transport could be Exim <grin>. But yes, if you want to do it that way. > It can inherit it's Port 25 socket. Eh? That doesn't make sense. That socket is long gone. It is part of the receiving process and is discarded as soon as the message is safely on the spool. Remember, messages may not get delivered immediately. > As a mail originator, Exim wants to directly access the mail queue for Sorry, I can't follow that. What do you mean by "mail queue"? Exim has its own queue which of course it must access. What am I missing? > local deliveries, but it doesn't have to. It could take advantage of > a setuid pipe transport program. There are several local delivery programs such as procmail, but I don't think people normally run them setuid. > Or that program could be executable only by 'exim' and the mail > originator could do an SMTP connection to localhost. Is there a way > today to configure Exim to do that (Use SMTP transport for locally > originated locally bound mail, but local transport for SMTP originated > locally bound mail)? You can certainly configure Exim to do that if you want. Any router can route an address to any transport. You'll need to specify exactly what you mean by "locally originated". Some MUAs call the MTA and send messages on stdin (sometimes using -bs and sometimes not); others send it to 127.0.0.1. There are conditions that can be used to identify these cases. > Is there maybe some other simple SMTP client program that one could > use with an MUE instead of Exim? Pass. -- Philip Hazel University of Cambridge Computing Service, [EMAIL PROTECTED] Cambridge, England. Phone: +44 1223 334714. Get the Exim 4 book: http://www.uit.co.uk/exim-book -- ## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
