X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f0884f3947f99919d82e82e787845b56917843a8..33191679e1a86ba6d9c38a74d07:/doc/doc-src/FAQ.src?ds=inline diff --git a/doc/doc-src/FAQ.src b/doc/doc-src/FAQ.src index b1a1ae743..a132911b5 100644 --- a/doc/doc-src/FAQ.src +++ b/doc/doc-src/FAQ.src @@ -1,4 +1,4 @@ -## $Cambridge: exim/doc/doc-src/FAQ.src,v 1.7 2005/05/06 08:28:16 ph10 Exp $ +## $Cambridge: exim/doc/doc-src/FAQ.src,v 1.8 2009/11/05 19:37:00 nm4 Exp $ ## ## This file is processed by Perl scripts to produce an ASCII and an HTML ## version. Lines starting with ## are omitted. The markup used with paragraphs @@ -467,7 +467,7 @@ A0020: These kinds of delay are usually caused by some kind of network problem ==> deny hosts = *.x.example If at all possible, you should use IP addresses instead of host - names in blocking lists in order to to avoid this problem. + names in blocking lists in order to avoid this problem. You can use the \-bh-\ option to get more information about what is happening at the start of a connection. However, note that the \-bh-\ @@ -851,7 +851,9 @@ A0044: Exim has been unable to create a file in its spool area in which to If you are running Exim with an alternate configuration file using a command such as \"exim -C altconfig..."\, remember that the use of -C - takes away Exim's root privilege. + takes away Exim's root privilege, unless \\TRUSTED_CONFIG_LIST\\ + is set in \(Local/Makefile)\ and the corresponding file contains a + prefix which matches the alternative configuration file being used. Check that you have defined the spool directory correctly by running 
@@ -1147,25 +1149,17 @@ Q0065: When (as \/root/\) I use -C to run Exim with an alternate configuration trying to run an \%autoreply%\ transport. Why is this? A0065: When Exim is called with -C, it passes on -C to any instances of itself - that it calls (so that the whole sequence uses the same config file). If - it's running as \/exim/\ when it does this, all is well. However, if it - happens as a consequence of a non-privileged user running \%autoreply%\, - the called Exim gives up its root privilege. Then it can't write to the - spool. - - This means that you can't use -C (even as \/root/\) to run an instance of - Exim that is going to try to run \%autoreply%\ from a process that is - neither \/root/\ nor \/exim/\. Because of the architecture of Exim (using - re-execs to regain privilege), there isn't any way round this - restriction. Therefore, the only way you can make this scenario work is - to run the \%autoreply%\ transport as \/exim/\ (that is, the user that - owns the Exim spool files). This may be satisfactory for autoreplies - that are essentially system-generated, but of course is no good for - autoreplies from unprivileged users, where you want the \%autoreply%\ - transport to be run as the user. To get that to work with an alternate - configuration, you'll have to use two Exim binaries, with different - configuration file names in each. See S001 for a script that patches - the configuration name in an Exim binary. + that it calls (so that the whole sequence uses the same config file). + However, Exim gives up its root privilege if any user except \/root\/ + passes a -C option to use a non-default configuration file, and that + includes the case where Exim re-execs itself to regain root privilege. + Thus it can't write to the spool. + + The fix for this is to use the \\TRUSTED_CONFIG_LIST\\ build-time + option. This defines a file containing a list of 'trusted' prefixes for + configuration files. 
Any configuration file specified with -C, if it + matches a prefix listed in that file, will be used without dropping root + privileges (as long as it is not writeable by a non-root user). Q0066: What does the message \*unable to set gid=xxx or uid=xxx*\ mean? @@ -2684,7 +2678,7 @@ A0408: Set the \qualify_preserve_domain\ option on the \%redirect%\ router. Q0409: I want mail for any local part at certain virtual domains to go to a single address for each domain. -A0409: One way to to this is +A0409: One way to do this is ==> virtual: driver = redirect
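Review bot: In the A0044 hunk (@@ -851,7 +851,9 @@), the added exception for \\TRUSTED_CONFIG_LIST\\ omits the condition that the A0065 hunk of this same patch attaches to it, that the configuration file is used without dropping root "as long as it is not writeable by a non-root user". Someone reading only A0044 would conclude that a matching prefix is sufficient to keep root privilege. Suggest either repeating the writability condition here or ending the sentence with a pointer to Q0065. The unchanged wording "the use of -C takes away Exim's root privilege" is also unqualified, while A0065 now limits this to "any user except" root; the two answers should say the same thing about who is affected.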
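Review bot: In the A0065 hunk (@@ -1147,25 +1149,17 @@), the added line "However, Exim gives up its root privilege if any user except \/root\/" closes the markup with \/ where the Q0065 line directly above and the removed lines write \/root/\, so the delimiter looks mistyped and should be changed to match. In the last added sentence, "as long as it is not writeable by a non-root user" leaves "it" ambiguous between the configuration file named with -C and the file of trusted prefixes; since this is the condition under which root privilege is retained, name the file explicitly. The first added paragraph would also be easier to follow if "Thus it can't write to the spool" said which process "it" is, since the removed text made clear this was the re-exec'd Exim called from the \%autoreply%\ transport.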