Thanks for the response. You got me on the right track. As the name of the project I linked to suggests, this is a simple relay - there is no need for local delivery and the daemon listens on 8025 rather than 25 so the Dockerfile removes the setuid bit.

For giggles, I looked into reenabling setuid and it appears that it’s not possible without some administrative tinkering (which I don’t have privileges to do). I checked out Chapter 56, section 3 of the docs and don’t see any advice about running without setuid to either root or exim. That said, if this setup works running under the exim user:group, is there any place you could suggest I check when running this as another user, given the fact this is a relay? Is there a way to enable more debugging info (exim is started with -bdf)? I tried strace but I don’t see anything obvious in that dump.

Here’s where I’m at right now with the same error:

RUN apk --no-cache add exim tini && \
    mkdir /var/spool/exim && \
    chgrp -R 0 /var/spool/exim && \
    chmod -R g=u /var/spool/exim && \
    ln -sf /dev/stdout /var/log/exim/mainlog && \
    ln -sf /dev/stderr /var/log/exim/panic && \
    ln -sf /dev/stderr /var/log/exim/reject && \
    chgrp -R 0 /var/log/exim && \
    chmod 0755 /usr/sbin/exim

Thanks!
Michael

On Jan 26, 2022, 12:41 PM -0500, Jeremy Harris via Exim-users <[email protected]>, wrote:
> On 25/01/2022 21:05, Michael Steigman via Exim-users wrote:
> > With OpenShift, however, all containers are run by a user with an arbitrary
> > ID. That ID is linked to the project you are running the image in. It’s
> > usually something like 1001360000. OpenShift adds the user to the image and
> > makes it a member of the group root before starting up a container with the
> > image.
>
> I'm not a containers user myself, but Exim generally runs with the
> assumption it needs to become anybody - for two reasons: opening
> priv ports (25 is usually a restricted one) and delivery
> into user's mailboxes. Therefore, suid root.
>
> There's some notes in the docs on running in alternate modes,
> (but I've never tried).
>
> --
> Cheers,
>   Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
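
The RUN step in this message relies on group 0 ownership plus `g=u` modes so that OpenShift's arbitrary UID can use Exim's spool and log directories. A script to verify that on a built image follows as an added example, not part of the original message; the function name and output format are made up here, and a `stat` that supports `-c` (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree for the OpenShift
# "arbitrary UID in group 0" pattern that `chgrp -R 0` + `chmod -R g=u` sets up.
# Assumes a stat that supports -c (GNU coreutils or BusyBox, as on Alpine).

# audit_group_access DIR [GID]   (hypothetical helper name)
# Prints "GROUP <gid> <path>" when a path is not owned by group GID, and
# "MODE <mode> <path>" when its group bits differ from its owner bits.
# No output means every path is as usable by the group as by the owner.
# Paths containing newlines are not handled.
audit_group_access() {
    dir=$1
    gid=${2:-0}   # the group the arbitrary UID is placed in (root = 0)
    find "$dir" -exec stat -c '%a %g %n' {} + |
    while read -r mode grp path; do
        mode=$(printf '%04d' "$mode")      # pad, e.g. 70 -> 0070
        u=${mode%??}; u=${u#?}             # owner permission digit
        g=${mode%?};  g=${g#??}            # group permission digit
        if [ "$grp" != "$gid" ]; then
            echo "GROUP $grp $path"
        elif [ "$u" != "$g" ]; then
            echo "MODE $mode $path"
        fi
    done
}

# Run against the directories given on the command line, e.g.
#   sh audit.sh /var/spool/exim /var/log/exim
for d in "$@"; do
    audit_group_access "$d"
done
```

Run it inside the image after the build; it only checks what the RUN step sets up and says nothing about Exim's own uid/gid checks.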
