[Pkg-exim4-users] Catchall for system users

Sat Oct 8 15:48:48 UTC 2005

On Sat, Oct 08, 2005 at 10:02:49AM +0200, Andreas Metzler wrote:
> On 2005-10-07 Ross Boylan <ross at biostat.ucsf.edu> wrote:
> > I'd like all mail to system users to go to root, which is then forwarded
> > to me.  The inspiration was the discovery that some system accounts were
> > getting actual mail, and I hadn't noticed.  /etc/alias does not list all
> > system users, though a fair number are in there and set to root.
> 
> > 307768 has discussion of this, but the example there fails addresses and
> > involves resequencing some of the default files.  On the other hand, I
> > do want to capture even the real-* addresses.
> 
> Hello,
> Imho real-* should either be dealt with identically as in other
> szenarios (i.e. real-* _forces_ /local/ delivery with LOCAL_DELIVERY)
> or be rejected. Redirecting it to a possible non-local address seems
> to be wrong.

The redirection is to root; on my system the eventual delivery is
local.  Admittedly, this is not true in general.

> 
> I think changing the real-* router to ignore system-users might be
> better. This way the new router could go _after_ the system aliases
> router, which I think to be a must. - The new router must not override
> /etc/aliases. Actually I think it should be one of the very last
> routers, right before local_user.

That seems like a good way to change the sequencing.  In the current
scheme could a snippet go after the real-* router, e.g.,
310_exim4-config_real_local_excludes:
    condition = ! ${if or{{<{$local_user_uid}{1000}}
                         {>{$local_user_uid}{29999}}}}

I'm not very aware of the conditions under which a real* address would
be used (I think error messages in the default config), but I am aware
that if mail goes to one of the system users I will probably never see
it.

> 
> > So how does this router look?
> 
> > 250_rb_catch_system (before the real-* router):
> 
> > catch_system_uids:
> >    driver = redirect
> >    domains = +local_domains
> >    user = ! root
> >    local_part_prefix = real-
> >    local_part_prefix_optional = true
> >    check_local_user
> >    condition = ${if or{{<{$local_user_uid}{1000}}
> >                        {>{$local_user_uid}{29999}}}}
> >    data = root
> 
> 29999 seems to be wrong, system-users live in 0-999 and 60000-64999
> (/usr/share/doc/base-passwd/README). And I am already feeling queasy
> about ignoring such a broad range, I am sure there are lots of
> (misconfigured) systtems around that are using 60000-63000 for normal
> accounts.

Thanks for the info; I was copying from the bug reported I mentioned
originally.  That report does note that more careful ways of getting
the range would be good.

My immediate concern is with my own systems; clearly the standard for
making something part of the distribution is higher.

>                 cu andreas
> 

P.S.  I notice that the 300_exim4-config_real_local snippet begins
### router/400_exim4-config_system_aliases
That doesn't look quite right :)

Also, I recall reading that exim4-config was not dependent on exim4 so
that the configuration could be setup prior to activating the system.
However, installing it on my exim3 system kicks out exim3, I think
because exim4-config conflicts with exim.  It would be great if that
didn't happen.  (Only relation to previous stuff is that I was trying
to look at the exim4 configuration on my exim3 machine to respond to
the earlier points.)