Bug#307768: exim4: check_local_user should reject system users?

Marc Sherman Marc Sherman <msherman@projectile.ca>, 307768@bugs.debian.org
Sat, 07 May 2005 08:13:52 -0400


Marc Sherman wrote:
> 
> Yeah, I thought of that, but I'm having trouble figuring out where to 
> put it.  It needs to go before the first use of check_local_user, but 
> after 400_exim4-config_system_aliases, so that system users (such as 
> root) aliased to normal users continue to work.  However, 
> 300_exim4-config_real_local uses check_local_user.
> 
> It seems to me that 300_exim4-config_real_local should be moved to 550 
> (or perhaps move the contents directly into 
> 600_exim4-config_userforward, at the start of the file).  The real-* 
> addresses only exist to serve the syntax-errors-to setting in the 
> userforward router, so that seems like the right thing to do to me.  It 
> means that real-* won't work for addresses aliased in the system aliases 
> file, but IMO that's a _good_ thing.  For example, I don't want 
> real-clamav@projectile.ca getting delivered to /var/lib/clamav/Maildir/, 
> under any circumstances.

Hi Marc.  So, I've tried out what I described above, and it seems to be 
working for me.  If you're interested in putting it in the Debian 
package, here's what I've done:

1) moved 300_exim4-config_real_local to 590_ -- I'd recommend putting it 
right inside the 600 file, if you do this in the package, but I left it 
as a separate file for ease of diffing if the 300_ file changes in a 
future version

One thing I'm still pondering; should the real-* router be restricted to 
local senders only?  I'm not sure I want external senders being able to 
disable the use of my filters.

2) Added the following router:

root@pyloric:/etc/exim4/conf.d/router# more 450_local_reject_system_uids
# MSS: This router prevents local delivery to UIDs outside the normal
# user range (1000-29999 inclusive).  Ideally, if used in the debian
# package, this router would get those values from /etc/adduser.conf,
# but for my local config, manually testing the magic numbers is
# acceptable.
#
# All local_part_prefixes and _suffixes used at the site should be
# allowed optionally in this router, to ensure that they can't be
# used to skirt this router's check

reject_system_uids:
   driver = redirect
   domains = +local_domains
   local_part_prefix = real-
   local_part_prefix_optional = true
   check_local_user
   condition = ${if or{{<{$local_user_uid}{1000}}{>{$local_user_uid}{29999}}}}
   allow_fail
   data = :fail: System account $local_part does not accept email
   no_more

Please let me know if you can see any obvious problems with this scheme.

Thanks,
- Marc
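
The following is an added example, not part of the original message or of the Debian package: it reads the UID range from adduser.conf text (the `FIRST_UID`/`LAST_UID` keys) instead of hard-coding 1000 and 29999, then models which addresses the `reject_system_uids` router would fail, with and without the `real-` prefix. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the original message).
SAMPLE_ADDUSER_CONF = """\
# constructed excerpt of /etc/adduser.conf
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999
FIRST_UID=1000
LAST_UID=29999
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
clamav:x:105:110::/var/lib/clamav:/bin/false
msherman:x:1000:1000:Marc Sherman:/home/msherman:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
"""

def uid_range(adduser_conf, default=(1000, 29999)):
    """Return (FIRST_UID, LAST_UID); fall back to the numbers used in the router."""
    pattern = r'^\s*(FIRST_UID|LAST_UID)\s*=\s*"?(\d+)"?\s*$'
    found = dict(re.findall(pattern, adduser_conf, re.M))
    return int(found.get("FIRST_UID", default[0])), int(found.get("LAST_UID", default[1]))

def parse_passwd(text):
    """Map login name -> UID from passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and not line.startswith("#"):
            users[fields[0]] = int(fields[2])
    return users

def router_decision(local_part, users, first_uid, last_uid, prefix="real-"):
    """Model the router's preconditions: optional prefix, local user, UID range."""
    # local_part_prefix_optional: strip the prefix only when it is present
    name = local_part[len(prefix):] if local_part.startswith(prefix) else local_part
    if name not in users:
        return "skip"   # check_local_user fails, address goes to the next router
    uid = users[name]
    if uid < first_uid or uid > last_uid:
        return "fail"   # condition is true, the :fail: data applies
    return "skip"       # normal user, router does not run

def rejected_accounts(passwd_text, adduser_conf):
    """List the accounts whose mail the router would fail."""
    first, last = uid_range(adduser_conf)
    users = parse_passwd(passwd_text)
    return sorted(u for u in users if router_decision(u, users, first, last) == "fail")
```

Running `rejected_accounts` against the real `/etc/passwd` and `/etc/adduser.conf` contents before deploying the router shows which accounts need an entry in the system aliases file to keep receiving mail.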