Permissions and delivery of LAN email by exim

To: Debian-User <debian-user@lists.debian.org>
Subject: Permissions and delivery of LAN email by exim
From: David Wright <deblis@lionunicorn.co.uk>
Date: Fri, 16 Aug 2019 14:20:09 -0500
Message-id: <[🔎] 20190816192009.tbnvldflg3isibeh@wren.corp>
Reply-to: debian-user@lists.debian.org

AIUI exim should be able to deliver emails into a user's mbox, but
I'm confused about how exim is meant to do that, because it runs as
user Debian-exim, but mailbox permissions are normally group:mail.

For example, with exim4 on hostR set up as …

  internet site; mail is sent and received directly using SMTP
  Domains to relay mail for: hostS;corp
  Keep number of DNS-queries minimal (Dial-on-Demand)? Yes

  dc_eximconfig_configtype='internet'
  dc_relay_domains='hostS;corp'
  dc_minimaldns='true'

… hostS can send an email to foo@hostR without its being rejected.

At the receiving end, with these lines in /etc/exim4/hubbed_hosts, …

  hostR.corp: 192.168.1.18 mail_spool
  hostR: 192.168.1.18 mail_spool

… when exim tries to deliver this email directly, the exim log shows …

  1hyefl-0001RE-Up <= foo@some-other.domain.tld H=(hostS.corp) [192.168.1.17]
  P=esmtp S=711 id=20190816160149.nckhtqfas3tgefvw@hostS.corp
  1hyefl-0001RE-Up == foo@hostR.corp R=hubbed_hosts T=mail_spool defer (-6):
  mailbox /var/mail/foo has wrong uid (1003 != 111)

… and the email remains stuck in /var/spool/exim.

Background info:
etc/passwd on hostR:

  mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
  Debian-exim:x:111:120::/var/spool/exim4:/usr/sbin/nologin
  foo:x:1003:1003:Mr Chew,,,:/home/foo:/bin/bash

ps -ef on hostR:

  9659     1   111 ?        Ss     0:00 /usr/sbin/exim4 -bd -q30m

ls on hostR:

drwxrwsr-x 2 root        mail  4096 Aug 16 13:24 /var/mail/
-rw-rw---- 1 foo         mail 19284 Aug 16 12:00 /var/mail/foo
-rw-rw---- 1 Debian-exim mail   670 Aug 16 13:24 /var/mail/root

So what piece of the puzzle is missing that would allow exim to
deliver such an email to foo's mbox? Exim has no difficulty, for
example, delivering locally generated emails from cron …

  1hyfaG-00027u-Mt <= root@hostR.corp U=root P=local S=91975
  1hyfaG-00027u-Mt => foo <foo@localhost> R=local_user T=mail_spool
  1hyfaG-00027u-Mt Completed

… nor in delivering remotely sent emails to root:

  1hygu1-0002c1-A7 <= foo@some-other.domain.tld H=(hostS.corp) [192.168.1.17]
  P=esmtp S=734 id=20190816182441.gwbbcru46mt7cfna@hostS.corp
  1hygu1-0002c1-A7 => root@hostR.corp R=hubbed_hosts T=mail_spool H=192.168.1.18
  1hygu1-0002c1-A7 Completed

Cheers,
David.

Reply to:

Follow-Ups:
- Re: Permissions and delivery of LAN email by exim
  - From: Greg Wooledge <wooledg@eeg.ccf.org>

Prev by Date: Confounding behaviour of Empathy.
Next by Date: maximale Monitorgröße auslesen
Previous by thread: Confounding behaviour of Empathy.
Next by thread: Re: Permissions and delivery of LAN email by exim
Index(es):
- Date
- Thread