spool permissions: (mail uid=8, mail gid=8)
cnw uid = 1001.
So, I guess it attempts to deliver as the recipient user and write
to the spool as the recipient. huh? how come it works atall? ;)
.:
total 24
drwxrwxr-x 3 mail mail 4096 Feb 14 15:18 db
-rw-r----- 1 mail mail 115 Feb 20 08:29 exim-process.info
drwxrwxr-x 2 mail mail 12288 Jul 10 17:33 input
drwxrwxr-x 2 mail mail 4096 Jul 10 17:33 msglog
./db:
total 44
drwxr-xr-x 2 mail mail 4096 Feb 14 15:16 old
-rw-r----- 1 mail mail 20480 Jul 10 17:29 retry
-rw-r----- 1 mail mail 0 Feb 14 15:17 retry.lockfile
-rw-r----- 1 mail mail 20480 Jul 8 15:29 wait-remote_smtp
-rw-r----- 1 mail mail 0 Feb 14 15:18 wait-remote_smtp.lockfile
./db/old:
total 32
-rw-r----- 1 mail mail 16384 Feb 11 19:53 retry
-rw-r----- 1 mail mail 0 Jan 30 11:24 retry.lockfile
-rw-r----- 1 mail mail 16384 Feb 11 19:41 wait-remote_smtp
-rw-r----- 1 mail mail 0 Jan 31 10:36 wait-remote_smtp.lockfile
./input:
total 40
-rw-r--r-- 1 mail mail 0 Jun 12 14:36 17I8IW-0002WT-00-D
-rw------- 1 mail mail 24 Jul 10 16:43 17SJcd-0007yM-00-D
-rw------- 1 mail mail 568 Jul 10 16:43 17SJcd-0007yM-00-H
-rw------- 1 mail mail 24 Jul 10 16:45 17SJek-0007zi-00-D
-rw------- 1 mail mail 568 Jul 10 16:45 17SJek-0007zi-00-H
-rw------- 1 mail mail 24 Jul 10 16:45 17SJfA-0007zu-00-D
-rw------- 1 mail mail 568 Jul 10 16:45 17SJfA-0007zu-00-H
-rw------- 1 mail mail 24 Jul 10 16:47 17SJgO-00081C-00-D
-rw------- 1 mail mail 568 Jul 10 16:47 17SJgO-00081C-00-H
-rw------- 1 mail mail 24 Jul 10 16:47 17SJh9-00081o-00-D
-rw------- 1 mail mail 568 Jul 10 16:47 17SJh9-00081o-00-H
./msglog:
total 20
-rw------- 1 mail mail 397 Jul 10 17:29 17SJcd-0007yM-00
-rw------- 1 mail mail 340 Jul 10 17:29 17SJek-0007zi-00
-rw------- 1 mail mail 340 Jul 10 17:29 17SJfA-0007zu-00
-rw------- 1 mail mail 340 Jul 10 17:29 17SJgO-00081C-00
-rw------- 1 mail mail 371 Jul 10 17:29 17SJh9-00081o-00
drwxrwxr-x 5 mail mail 4096 Jan 31 16:13 exim-outgoing/
.. is the config file
# This is the main exim configuration file.
# It was originally generated by `eximconfig', part of the exim package
# distributed with Debian, but it may edited by the mail system administrator.
# This file originally generated by eximconfig at Tue Jan 29 17:32:53 GMT 2002
# See exim info section for details of the things that can be configured here.
# Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file.
# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# Mailscanner spool
spool_directory = /var/spool/exim-outgoing
# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.
qualify_domain = future-systems.com
# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.
# qualify_recipient =
# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.
local_domains = /etc/exim/local_domains
# Allow mail addressed to our hostname, or to our IP address.
local_domains_include_host = true
local_domains_include_host_literals = true
# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.
relay_domains = /etc/exim/relay_domains
# If this is uncommented, we accept and relay mail for all domains we are
# in the DNS as an MX for.
#relay_domains_include_local_mx = true
# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.
never_users = root
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.
host_lookup = *
# The setting below would, if uncommented, cause Exim to check the syntax of
# all the headers that are supposed to contain email addresses (To:, From:,
# etc). This reduces the level of bounced bounces considerably.
# headers_check_syntax
# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See http://maps.vix.com/rbl/ for
# background. Uncommenting the following line will make Exim reject mail
# from any host whose IP address is blacklisted in the RBL at maps.vix.com.
rbl_domains = rbl.maps.vix.com
rbl_reject_recipients = true
rbl_warn_header = false
# The setting below allows your host to be used as a mail relay only by
# localhost: it locks out the use of your host as a mail relay by any
# other host. See the section of the manual entitled "Control of relaying"
# for more info.
host_accept_relay = localhost:192.168.0.0/16
# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%y@z (where z is one of your local domains) is locally rerouted to
# x@y and sent on. Otherwise x%y is treated as an ordinary local part
# percent_hack_domains=*
# If this option is set, then any process that is running as one of the
# listed users may pass a message to Exim and specify the sender's
# address using the "-f" command line option, without Exim's adding a
# "Sender" header.
trusted_users = mail
# If this option is true, the SMTP command VRFY is supported on incoming
# SMTP connections; otherwise it is not.
smtp_verify = true
# Some operating systems use the "gecos" field in the system password file
# to hold other information in addition to users' real names. Exim looks up
# this field when it is creating "sender" and "from" headers. If these options
# are set, exim uses "gecos_pattern" to parse the gecos field, and then
# expands "gecos_name" as the user's name. $1 etc refer to sub-fields matched
# by the pattern.
gecos_pattern = ^([^,:]*)
gecos_name = $1
# This sets the maximum number of messages that will be accepted in one
# connection. The default is 10, which is probably enough for most purposes,
# but is too low on dialup SMTP systems, which often have many more mails
# queued for them when they connect.
smtp_accept_queue_per_connection = 100
# Send a mail to the postmaster when a message is frozen. There are many
# reasons this could happen; one is if exim cannot deliver a mail with no
# return address (normally a bounce) another that may be common on dialup
# systems is if a DNS lookup of a smarthost fails. Read the documentation
# for more details: you might like to look at the auto_thaw option
freeze_tell_mailmaster = true
# This string defines the contents of the \`Received' message header that
# is added to each message, except for the timestamp, which is automatically
# added on at the end, preceded by a semicolon. The string is expanded each
# time it is used.
received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
by ${primary_hostname} \
${if def:received_protocol {with ${received_protocol}}} \
(Exim ${version_number} #${compile_number} (Debian))\n\t\
id ${message_id}\
${if def:received_for {\n\tfor <$received_for>}}"
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# This transport is used for local delivery to user mailboxes. On debian
# systems group mail is used so we can write to the /var/spool/mail
# directory. (The alternative, which most other unixes use, is to deliver
# as the user's own group, into a sticky-bitted directory)
maildir_delivery:
driver = appendfile
directory = $home/Maildir
maildir_format = yes
from_hack = false
check_string = ""
prefix = ""
suffix = ""
create_directory = yes
create_file = "belowhome"
directory_mode = 0700
mode = 0600
delivery_date_add = yes
envelope_to_add = yes
return_path_add = yes
forbidden_file:
driver = appendfile
file = /var/mail/forbidden-senders
local_delivery:
driver = appendfile
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
file = /var/spool/mail/${local_part}
# This transport is used for handling pipe addresses generated by
# alias or .forward files. If the pipe generates any standard output,
# it is returned to the sender of the message as a delivery error. Set
# return_fail_output instead if you want this to happen only when the
# pipe fails to complete normally.
address_pipe:
driver = pipe
return_output
# This transport is used for handling file addresses generated by alias
# or .forward files.
address_file:
driver = appendfile
# This transport is used for handling file addresses generated by alias
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name. Each message is then delivered
# to a unique file in the directory. If instead you want all such deliveries to
# be in the "maildir" format that is used by some other mail software,
# uncomment the final option below. If this is done, the directory specified
# in the .forward or alias file is the base maildir directory.
#
# Should you want to be able to specify either maildir or non-maildir
# directory-style deliveries, then you must set up yet another transport,
# called address_directory2. This is used if the path ends in "//" so should
# be the one used for maildir, as the double slash suggests another level
# of directory. In the absence of address_directory2, paths ending in //
# are passed to address_directory.
address_directory:
driver = appendfile
no_from_hack
prefix = ""
suffix = ""
# maildir_format
# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.
address_reply:
driver = autoreply
# This transport is used for procmail
procmail_pipe:
driver = pipe
command = "/usr/bin/procmail -d ${local_part}"
return_path_add
delivery_date_add
envelope_to_add
check_string = "From "
escape_string = ">From "
user = $local_part
group = mail
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp
save_project:
driver = appendfile
file = /stor/export/adminstuff/mail-archive/${local_part}
user = mail
group = mail
holiday_transport:
driver = autoreply
text = "Automated message:\
Your message has ** NOT ** been delivered to ${local_part}@${domain}, reason is given below:\
"
file = "/home/${local_part}/onholiday.txt"
to = $sender_address
# user = mail
# user = ${local_part}
# group = mail
######################################################################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
######################################################################
# This allows local delivery to be forced, avoiding alias files and
# forwarding.
imonholiday:
driver = localuser
transport = holiday_transport
require_files = /home/${local_part}/onholiday.txt
real_local:
prefix = real-
driver = localuser
transport = local_delivery
project_director:
driver = smartuser
prefix = p-
transport = save_project
# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary.
system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch*
user = mail
# Uncomment the above line if you are running smartlist
# This director runs procmail for users who have a .procmailrc file
procmail:
driver = localuser
transport = procmail_pipe
require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
no_verify
# This director handles forwarding using traditional .forward files.
# It also allows mail filtering when a forward file starts with the
# string "# Exim filter": to disable filtering, uncomment the "filter"
# option. The check_ancestor option means that if the forward file
# generates an address that is an ancestor of the current one, the
# current one gets passed on instead. This covers the case where A is
# aliased to B and B has a .forward file pointing to A.
# For standard debian setup of one group per user, it is acceptable---normal
# even---for .forward to be group writable. If you have everyone in one
# group, you should comment out the "modemask" line. Without it, the exim
# default of 022 will apply, which is probably what you want.
userforward:
driver = forwardfile
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
check_ancestor
file = .forward
modemask = 002
filter
# This director matches local user mailboxes.
#localuser:
# driver = localuser
# transport = local_delivery
localuser:
debug_print = "localuser for $local_part@$domain."
suffix = "+*"
suffix_optional = true
driver = localuser
transport = maildir_delivery
futurealiases:
driver = aliasfile
search_type = lsearch*
file = /stor/export/adminstuff/configuration/email-aliases.txt
user = mail
modemask = 0000
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
######################################################################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
######################################################################
# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.
# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.
# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.
forbid_addresses:
driver = lookuphost
transport = forbidden_file
group = mail
user = mail
# mode = 0660
# file = /var/mail/forbidden-mail
senders = /etc/exim/forbidden_senders
smarthost:
driver = domainlist
route_file = /etc/exim/domain_routes
search_type = lsearch*
transport = remote_smtp
lookuphost:
driver = lookuphost
transport = remote_smtp
# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.
literal:
driver = ipliteral
transport = remote_smtp
######################################################################
# RETRY CONFIGURATION #
######################################################################
# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 2 hours and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.
# Domain Error Retries
# ------ ----- -------
* * F,2h,15m; G,16h,2h,1.5; F,4d,8h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
# This rewriting rule is particularly useful for dialup users who
# don't have their own domain, but could be useful for anyone.
# It looks up the real address of all local users in a file
*@future-systems.com ${lookup{$1}lsearch{/etc/email-addresses}\
{$value}fail} bcfrF
# End of Exim configuration file
On Wed, 2002-07-10 at 17:27, Philip Hazel wrote:
> On Wed, 10 Jul 2002, Conrad Wood wrote:
>
> > originator: uid=0 gid=0 login=root name=root
>
> You sent a message as root. Exim is therefore privileged, whatever its
> permissions and ownership.
>
> > delivering cnw@future-systems.com as cnw using holiday_transport:
> > uid=1001 gid=1001 home=/home/cnw current=/home/cnw
> > auxiliary group list: <none>
> > set_process_info: 30869 delivering 17SJh9-00081o-00 to cnw using holiday_transport
> > holiday_transport transport entered
> > taking data from transport
>
> The transport is running as uid=1001. It calls Exim in order to create a
> new message.
>
> > Exim version 3.33 debug level 9 uid=1001 gid=1001
> > Berkeley DB: Sleepycat Software: Berkeley DB 2.7.7: (08/20/99)
> > Removed setuid privilege: uid=1001 gid=1001 euid=1001 egid=1001
> ^^^^^^^^^^^^^^^^^^^^^^^^
> ^^^^^^^^^^^^^^^^^^^^^^^^
>
> There is the problem. Why has Exim done that, I wonder? What do you have
> in the rest of your Exim configuration? In particular, what have you set
> in the "security" option?
>
> --
> Philip Hazel University of Cambridge Computing Service,
> ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
>
>