[Pkg-exim4-users] local mail addressed to root

[Marc Haber]

On Fri, Nov 03, 2006 at 07:51:46PM -0800, Larry Fletcher wrote:
> On Nov 04, 2006, Magnus Holmgren wrote:
> > On Friday 03 November 2006 22:04, Larry Fletcher took the opportunity to say:
> > > I started using Debian about 7 years ago and I have always logged in
> > > as root.  
> > 
> > You will probably hear this from many, but why are you foregoing the
> > extra   security a real operating system gives you when you do your
> > everyday work as   an unprivileged user? Always logging in as root is
> > like running Windows 95.   Microsoft just recently made a decent
> > effort encouraging users to create a   normal user account on
> > installation. The Debian installer urges you to create   an
> > unprivileged account and has probably always done so.
> 
> There are a number of reasons, but the bottom line is it's a lot
> easier.

It is still a stupid idea, and I am opposed to modifying the exim
packages in a way to allow you to shoot yourself in the foot.

>   At least I thought it was a lot easier when I started using Debian
>   and it seems like too much trouble to change it now when everything
>   is working so well.  But if other packages go the way of exim I'll
>   be forced to change.

Changing this mode of operation is a wise idea.

> > > This worked fine until I had to upgrade to Exim4.  To be 
> > > able receive local mail I had to create another user and direct the
> > > root mail to it, then create /etc/procmailrc using a symlink from
> > > ~/.procmailrc.  This worked fine until I decided to remove the
> > > Smartlist package.  Now local mail is is still delivered, but
> > > /etc/procmailrc is not checked.  Smartlist never used the exim config,
> > > so I don't why removing it causes a problem.
> > 
> > Exim 4 never delivers mail as root. That's a compilation setting, so
> > you can't  change it without recompiling. But you can give the other
> > user write  permission to root's mailbox and have Exim or procmail
> > deliver it there. But I wouldn't recommend it.
> 
> I added the user to the root group, but I don't know what to
> do beyond that.  However exim still doesn't use /etc/procmailrc
> and that's the big problem.

Both exim 3 and exim4 just call /usr/bin/procmail while running as the
target user, and according to the procmail manpage (I have never used
procmail), procmail always reads /etc/procmail as kind of system-wide
default before accessing ~/.procmailrc. So, I guess that you have a
procmail issue here if it does not read /etc/procmail before
~/.procmail. No idea why this issue has surfaced during your exim
migration. Maybe somebody else who is more familiar with procmail can
comment here.

> > Why /etc/procmailrc isn't read any more is a bit of a mystery and
> > can't be  determined without more information, I think. But I know
> > that smartlist is  procmail-based. Have you customised your Exim
> > configuration? What else can  you say about /etc/procmailrc and
> > ~/.procmailrc?
> 
> /etc/procmailrc was a link to ~/.procmailrc,

Why? /etc/procmailrc seems to be always read before ~/.procmailrc,
thus linking one to the other is probably only redefining things.

> It seems very strange to me that there is no way to get exim to
> use /etc/procmailrc now, even though that's the default in the
> config file.

No exim version I am aware of has ever accessed /etc/procmailrc
directly. All exim does is piping messages to a procmail process.

> > > I am using Debian stable and can't compile from source.
> > 
> > Why not? If it's because of lack of knowledge, that problem can be
> > solved. But  again, I wouldn't recommend it (meaning, I do recommend
> > learning things, but  I don't recommend always running as root).
> 
> I thought about mentioning the lack of knowledge, but decided it
> was obvious. :-)

Before you compile exim from source, better get acquainted with its
configuration and the UNIX privilege system.

> I wish there was some way to make it work by just changing the exim
> config file, but it doesn't look like that will happen.

You could make your mail spool (I do not know which format you use)
writeable for your non-root user, or you can configure your mail
client running as root (YUCK!!!) to access a file that is not root's
mail spool but the mail spool of a different user.

> I wasn't expecting a response, so thanks for trying to help!

The most valueable help you get is "do not work as root".

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835