-## $Cambridge: exim/doc/doc-src/FAQ.src,v 1.8 2009/11/05 19:37:00 nm4 Exp $
##
## This file is processed by Perl scripts to produce an ASCII and an HTML
## version. Lines starting with ## are omitted. The markup used with paragraphs
If you are running Exim with an alternate configuration file using a
command such as \"exim -C altconfig..."\, remember that the use of -C
- takes away Exim's root privilege.
+ takes away Exim's root privilege, unless \\TRUSTED_CONFIG_LIST\\
+ is set in \(Local/Makefile)\ and the corresponding file contains a
+ prefix which matches the alternative configuration file being used.
Check that you have defined the spool directory correctly by running
==> /usr/lib/sendmail -bz
- in some start-up script (e.g. \(/etc/init.d/mail)\) immedately before
+ in some start-up script (e.g. \(/etc/init.d/mail)\) immediately before
==> /usr/lib/sendmail -bd -q15m
trying to run an \%autoreply%\ transport. Why is this?
A0065: When Exim is called with -C, it passes on -C to any instances of itself
- that it calls (so that the whole sequence uses the same config file). If
- it's running as \/exim/\ when it does this, all is well. However, if it
- happens as a consequence of a non-privileged user running \%autoreply%\,
- the called Exim gives up its root privilege. Then it can't write to the
- spool.
-
- This means that you can't use -C (even as \/root/\) to run an instance of
- Exim that is going to try to run \%autoreply%\ from a process that is
- neither \/root/\ nor \/exim/\. Because of the architecture of Exim (using
- re-execs to regain privilege), there isn't any way round this
- restriction. Therefore, the only way you can make this scenario work is
- to run the \%autoreply%\ transport as \/exim/\ (that is, the user that
- owns the Exim spool files). This may be satisfactory for autoreplies
- that are essentially system-generated, but of course is no good for
- autoreplies from unprivileged users, where you want the \%autoreply%\
- transport to be run as the user. To get that to work with an alternate
- configuration, you'll have to use two Exim binaries, with different
- configuration file names in each. See S001 for a script that patches
- the configuration name in an Exim binary.
+ that it calls (so that the whole sequence uses the same config file).
+ However, Exim gives up its root privilege if any user except \/root\/
+ passes a -C option to use a non-default configuration file, and that
+ includes the case where Exim re-execs itself to regain root privilege.
+ Thus it can't write to the spool.
+
+ The fix for this is to use the \\TRUSTED_CONFIG_LIST\\ build-time
+ option. This defines a file containing a list of 'trusted' prefixes for
+ configuration files. Any configuration file specified with -C, if it
+ matches a prefix listed in that file, will be used without dropping root
+ privileges (as long as it is not writeable by a non-root user).
Q0066: What does the message \*unable to set gid=xxx or uid=xxx*\ mean?
==> adduser exim
- (3) Now you can prepare to build Exim. Go to \?http://www.exim.org?\ or
+ (3) Now you can prepare to build Exim. Go to \?https://www.exim.org?\ or
one of its mirrors, or the master ftp site
\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4?\, and download
\(exim-4.20.tar.gz)\ or whatever the current release is. Then:
with MX records pointing to \"localhost"\ (or other names with A records
that specify 127.0.0.1), which causes this behaviour. You can use the
\ignore_target_hosts\ option to get Exim to ignore these records. The
- default contiguration does this. For more discussion, see Q0319. For
+ default configuration does this. For more discussion, see Q0319. For
other cases:
(1) If the domain is meant to be handled as a local domain, there
Q0311: When a DNS lookup for MX records fails to complete, why doesn't Exim
- send the messsage to the host defined by the A record?
+ send the message to the host defined by the A record?
A0311: The RFCs are quite clear on this. Only if it is known that there are no
MX records is an MTA allowed to make use of the A record. When an MX
to scan email messages at SMTP time. \^elspy^\ also includes a small
Python library with common mail-scanning tools, including an interface
to SpamAssassin and a simple but effective virus detector. You can
- optain \^elspy^\ from \?http://elspy.sourceforge.net/?\.
+ obtain \^elspy^\ from \?http://elspy.sourceforge.net/?\.
Q0511: Whenever my system filter uses a \mail\ command to send a message, I get
==> majordomo: |/local/mail/majordomo ...
then Exim has to be told what uid/gid to use for the delivery. This can
- be done either on the routerr that handles the address, or on the
+ be done either on the router that handles the address, or on the
transport that actually does the delivery. If a pipe is going to run a
setuid program, then it doesn't matter what uid Exim starts it out with,
and so the most straightforward thing is to put
Q0604: I want to use MMDF-style mailboxes. How can I get Exim to append the
- ctrl-A characters that separate indvidual emails?
+ ctrl-A characters that separate individual emails?
A0604: Set the \message_suffix\ option in the \%appendfile%\ transport. In fact,
for MMDF mailboxes you need a prefix as well as a suffix to get it
\use_crlf\ option on the \%pipe%\ transport (tmail prefers \"@\r@\n"\
terminations) message bodies started to vanish.
-A0606: You need to unset the \mesage_prefix\ option, or change it so that its
+A0606: You need to unset the \message_prefix\ option, or change it so that its
default \"@\n"\ terminator becomes \"@\r@\n"\. For example, the
transport could be:
but it is important to some people - especially if by some unfortunate
accident the lowercased word is something indecent.
- You can trivally force lower casing by means of the \"${lc:"\ operator.
+ You can trivially force lower casing by means of the \"${lc:"\ operator.
Instead of \"$domain"\ write \"${lc:$domain}"\.
==> headers add "New-Subject: SPAM: $h_subject:"
headers remove subject
- neaders add "Subject: $h_new-subject:"
+ headers add "Subject: $h_new-subject:"
headers remove new-subject
This trick works only in system filters, where the commands are obeyed
C042: ``Since the Exim 4 configuration needed to get Mailman to work differs a
little bit from Exim 3 and since I still haven't seen a recipe for
Mailman with Exim 4, I'm providing my configuration (based heavily on
- \?http://www.exim.org/howto/mailman.html?\).''
+ \?https://www.exim.org/howto/mailman21.html?\).''
C043: ``Attached is an Exim 4 config file which is designed for an Exim server
that is put in front of an Exchange 5.5 system but which verifies the