[Pkg-exim4-users] pipe aliases and permissions

Fri Dec 9 20:21:51 UTC 2005

Hi,

I did a search in gmane for exim mailing lists. It was a nice surprise to 
find a Debian-specific one.

I've been trying to configure the email gateway for roundup 
(http://roundup.sourceforge.net).

In the section on configuring an email interface,

http://roundup.sourceforge.net/doc-0.8/installation.html#configure-an-email-interface

there are instructions about setting up a mail alias pipe process.

However, this does not work out of the box, at least on Debian's exim, 
since the pipe transport is unset, and also there is a permissions issue, 
as described at

http://www.exim.org/exim-html-4.50/doc/html/FAQ.html#TOC198

I'm not completely sure what acutually happens here. Apparently Exim runs 
as different users depending on what it is doing, and in the case it is 
piped to a process you have to tell it because it doesn't know what user 
it should run as, or something?

However, surely it must be running under some default permissions in that 
case? What are those?

Anyway, in the case of roundup the pipe looks like

newtracker: "|/usr/bin/python /usr/bin/roundup-mailgw 
/var/lib/roundup/trackers/newtracker/"

This needs to write to a directory 
(/var/lib/roundup/trackers/newtracker/db), which I've set the gid bit on, 
and also set it to be owned by the group roundup. I added Debian-exim to 
the 'roundup' group.

So, if exim was to write to the directory with owner:group 
Debian-exim:roundup, it would be Ok, but i was getting permission errors. 
Funnily enough, when I set that directory (db) to be writable by anyone, 
the owner:group that I saw for the file created by Exim were in fact 
Debian-exim:roundup.

Can anyone explain to me what is going on here?

Anyway, I'm using the monolithic config file for exim4, 
/etc/exim4/exim4.conf.template, and added the following lines at the 
beginning to fix this.

SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe
SYSTEM_ALIASES_USER = Debian-exim
SYSTEM_ALIASES_GROUP = roundup

The section that uses these variables is the exim4-config_system_aliases 
section.

***********************************************************
system_aliases:
   debug_print = "R: system_aliases for $local_part@$domain"
   driver = redirect
   domains = +local_domains
   allow_fail
   allow_defer
   data = ${lookup{$local_part}lsearch{/etc/aliases}}
   .ifdef SYSTEM_ALIASES_USER
   user = SYSTEM_ALIASES_USER
   .endif
   .ifdef SYSTEM_ALIASES_GROUP
   group = SYSTEM_ALIASES_GROUP
   .endif
   .ifdef SYSTEM_ALIASES_FILE_TRANSPORT
   file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
   .endif
   .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
   pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
   .endif
   .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
   directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
   .endif
********************************************************

My understanding of what is going on here is currently minimal. If anyone 
could recommend good reading about this, I'd be happy to understand it 
better.

However, my immediate question is whether this will break anything. I have 
an /etc/aliases as per usual on Debian, but have not done anything to it 
except the Roundup line quoted above.

Secondly, is this is a reasonable thing to do, and if not, what are the 
alternatives?

Apparently the Debian Exim maintainers consider pipe transports for 
aliases deprecated, and prefer a dedicated router/transport instead. 
However, at the moment I've no idea how to do this.

It is also possible that to do so would require specific knowledge of 
Roundup.

If someone would explain to me how to set this up, I'll submit a wishlist 
bug against the Debian roundup package so other people know what to do.

BTW, has anyone read The Exim SMTP Mail Server Official Guide for Release 
4 (http://www.uit.co.uk/exim-book/)? If so, what did you think of it?

Thanks in advance.                                          Faheem.