X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8b65d4dd61751329a50cddcee9d4a082700d4ed2..4d756df0d59a0dfa02d453ae3dd666e180e6fbfc:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index a2fcec772..18f92404a 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -32055,9 +32055,6 @@ This control turns off DKIM verification processing entirely. For details on the operation and configuration of DKIM, see section &<>&. -.vitem &*control&~=&~enforce_sync*& &&& - &*control&~=&~no_enforce_sync*& - .vitem &*control&~=&~dmarc_disable_verify*& &&& &*control&~=&~dmarc_enable_forensic*& .cindex "disable DMARC verify" @@ -41070,20 +41067,31 @@ will be used during message reception. .next A queue runner process retains root privilege throughout its execution. Its job is to fork a controlled sequence of delivery processes. + +.next +A delivery process retains root privilege throughout most of its execution., +including while the recipient addresses in a message are being routed. + +.ilist +However, if a user's filter file has to be processed, +this is done in a subprocess that runs under the individual user's uid and +gid. A system filter is run as root unless &%system_filter_user%& is set. +.endlist + +Any actual deliveries (that is, the transports themselves) are run in +subprocesses which always change to a non-root uid and gid. +.ilist +For local +deliveries this is typically the uid and gid of the owner of the mailbox. .next -A delivery process retains root privilege throughout most of its execution, -but any actual deliveries (that is, the transports themselves) are run in -subprocesses which always change to a non-root uid and gid. For local -deliveries this is typically the uid and gid of the owner of the mailbox; for -remote deliveries, the Exim uid and gid are used. Once all the delivery +For remote deliveries, the Exim uid and gid are used. +.endlist + +Once all the delivery subprocesses have been run, a delivery process changes to the Exim uid and gid while doing post-delivery tidying up such as updating the retry database and generating bounce and warning messages. -While the recipient addresses in a message are being routed, the delivery -process runs as root. However, if a user's filter file has to be processed, -this is done in a subprocess that runs under the individual user's uid and -gid. A system filter is run as root unless &%system_filter_user%& is set. .next A process that is testing addresses (the &%-bt%& option) runs as root so that the routing is done in the same environment as a message delivery.