Marc Haber | 5 Sep 2007 22:14

Need your comments about real-foo and lowuid mechanisms

Hi,

Andreas and I are having kind of an argument in #440217.

I still need a tiny nudge to follow Andreas' argumentation.

Can the other people on this list please comment?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Magnus Holmgren | 7 Sep 2007 21:40

Re: Need your comments about real-foo and lowuid mechanisms

On Wednesday 05 September 2007 22:14, Marc Haber wrote:
> Andreas and I are having kind of an argument in #440217.

I'm not sure I've followed the issue, but isn't this a followup to Bug 
#400790: exim4-config: Reject mail to system users from non-local sources? 
Can't that be solved more easily by adding a condition to *both* real_local 
and local_user, rather than wedging in a router that returns "fail"?

-- 
Magnus Holmgren        holmgren <at> lysator.liu.se
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans

Andreas Metzler | 8 Sep 2007 14:10

Re: Need your comments about real-foo and lowuid mechanisms

On 2007-09-07 Magnus Holmgren <holmgren <at> lysator.liu.se> wrote:
> On Wednesday 05 September 2007 22:14, Marc Haber wrote:
>> Andreas and I are having kind of an argument in #440217.

> I'm not sure I've followed the issue, but isn't this a followup to Bug 
> #400790: exim4-config: Reject mail to system users from non-local sources?

Hello,

Yes, it is related. We both would like to block both sshd@domain and
real-sshd@domain at least for non-local mails.

*Me* thinks this must not be done by breaking existing and used
/etc/aliases functionality.  (e.g. by breaking abuse@domain, unless the
admin sets *additional manual steps.)

*Afaict* Marc thinks the breakage is acceptable if it is boldly
documented since this is an optional feature. (Marc, please correct me
if this is incorrect.)

> Can't that be solved more easily by adding a condition to *both* real_local 
> and local_user, rather than wedging in a router that returns "fail"?

Whether to add conditions to existing routers or to add a separate
deny router is more a matter of implementation than an alternative
solution to our disagreement.

Currently local routers are ordered like this:

1 block low user id from remote (disabled by default)

Andreas Metzler | 10 Sep 2007 09:35

Re: Need your comments about real-foo and lowuid mechanisms

On 2007-09-08 Andreas Metzler <ametzler <at> downhill.at.eu.org> wrote:
[...]

Please wait for me coming back next week, before finalizing the
resolution.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Andreas Metzler | 10 Sep 2007 09:34

VAC Sept 10 - Sept 19

Hello,

I will be on vacation until Sept 19, without Internet access except
for perhaps E-Mail.

The important stuff is team maintained anyway, so please check the
maintainer e-mail address before NMUing.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Marc Haber | 16 Sep 2007 16:23

Re: Need your comments about real-foo and lowuid mechanisms

On Fri, Sep 07, 2007 at 09:40:51PM +0200, Magnus Holmgren wrote:
> I'm not sure I've followed the issue, but isn't this a followup to Bug 
> #400790: exim4-config: Reject mail to system users from non-local sources? 
> Can't that be solved more easily by adding a condition to *both* real_local 
> and local_user, rather than wedging in a router that returns "fail"?

I decided against doing so because the condition was rather
complicated, and I wanted to have an exception list. The actual
condition got a lot simpler during implementation when I decided to
use a macro for the condition itself.

I still think that the method with a dedicated router was the most
elegant one.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

Marc Haber | 16 Sep 2007 16:41

Re: Need your comments about real-foo and lowuid mechanisms

The lack of interest to this topic has convinced me. real- will be
confined to locally generated mail.

On Sat, Sep 08, 2007 at 02:10:49PM +0200, Andreas Metzler wrote:
> Personally I would suggest this (setup after enabling lowuid
> functionality):
> 
> 1 real_local (unless low user id from remote, or perhaps even blocked
>   for any remote ip no matter which destination.)

### router/300_exim4-config_real_local
#################################

# This router allows reaching a local user while avoiding local
# processing. This can be used to inform a user of a broken .forward
# file, for example. The userforward router does this.

COND_LOCAL_SUBMITTER = "\
               ${if match_ip{$sender_host_address}{:@[]}\
                    {1}{0}\
                }"

real_local:
  debug_print = "R: real_local for $local_part@$domain"
  driver = accept
  domains = +local_domains
  condition = COND_LOCAL_SUBMITTER
  local_part_prefix = real-
  check_local_user
  transport = LOCAL_DELIVERY
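
Added example, not part of the original message or of the exim4 packaging: a small Python model of which recipients the restricted real_local router above would accept, following Exim's match_ip list semantics (an empty item matches an empty $sender_host_address, @[] matches the host's own interface addresses). The interface list, the user set and the function names are constructed assumptions; the domain is assumed to be in +local_domains already.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
INTERFACES = ["127.0.0.1", "::1", "192.0.2.10"]  # what @[] would stand for here
LOCAL_USERS = {"alice", "sshd"}                   # accounts check_local_user finds


def is_local_submitter(sender_host_address, interfaces=INTERFACES):
    """Model of ${if match_ip{$sender_host_address}{:@[]}{1}{0}}."""
    # Empty list item: $sender_host_address is empty when the message was
    # submitted locally without TCP/IP (for example via the sendmail binary).
    if not sender_host_address:
        return True
    # @[]: the peer address is one of this host's own interface addresses.
    peer = ipaddress.ip_address(sender_host_address)
    return any(peer == ipaddress.ip_address(a) for a in interfaces)


def real_local_accepts(local_part, sender_host_address):
    """True if the modelled real_local router would handle this recipient."""
    prefix = "real-"
    if not local_part.startswith(prefix):            # local_part_prefix = real-
        return False
    if local_part[len(prefix):] not in LOCAL_USERS:  # check_local_user
        return False
    # condition = COND_LOCAL_SUBMITTER
    return is_local_submitter(sender_host_address)


def demo():
    """Run the constructed cases and return (local_part, peer, accepted)."""
    cases = [
        ("real-alice", ""),             # local non-SMTP submission
        ("real-alice", "127.0.0.1"),    # SMTP over loopback
        ("real-alice", "192.0.2.10"),   # SMTP from the host's own address
        ("real-sshd", "198.51.100.7"),  # remote peer: router is skipped
        ("real-nobody", ""),            # no such account behind the prefix
        ("alice", ""),                  # no real- prefix: left to later routers
    ]
    return [(lp, ip or "<local>", real_local_accepts(lp, ip)) for lp, ip in cases]


if __name__ == "__main__":
    for local_part, peer, accepted in demo():
        print(f"{local_part:12} from {peer:14} -> {accepted}")
```

In this model an SMTP connection that arrives from one of the host's own addresses counts as local, just like a non-SMTP submission.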

Andreas Metzler | 20 Sep 2007 15:31

Re: Need your comments about real-foo and lowuid mechanisms

On 2007-09-16 Marc Haber <mh+pkg-exim4-devel <at> zugschlus.de> wrote:
> The lack of interest to this topic has convinced me. real- will be
> confined to locally generated mail.

Hello,

thanks for considering this.

> On Sat, Sep 08, 2007 at 02:10:49PM +0200, Andreas Metzler wrote:
> > Personally I would suggest this (setup after enabling lowuid
> > functionality):

> > 1 real_local (unless low user id from remote, or perhaps even blocked
> >   for any remote ip no matter which destination.)

> ### router/300_exim4-config_real_local
> #################################

> # This router allows reaching a local user while avoiding local
> # processing. This can be used to inform a user of a broken .forward
> # file, for example. The userforward router does this.

> COND_LOCAL_SUBMITTER = "\
>                ${if match_ip{$sender_host_address}{:@[]}\
>                     {1}{0}\
>                 }"

> real_local:
>   debug_print = "R: real_local for $local_part@$domain"
>   driver = accept

Matthias Urlichs | 20 Sep 2007 15:44

Re: Need your comments about real-foo and lowuid mechanisms

Hi,

Andreas Metzler:
> .ifndef COND_LOCAL_SUBMITTER
> -------------------------------------------------
> 
> NEWS/changelog/README might note that setting
> COND_LOCAL_SUBMITTER = true
> gets back the old behavior.

Unfortunately, COND_LOCAL_SUBMITTER = false would also get back the
old behavior.

Please try not to do that.

-- 
Matthias Urlichs   |   {M:U} IT Design  <at>  m-u-it.de   |  smurf <at> smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
The things which belong to others please us more, and that which is ours is
more pleasing to other.
					-- Syrus

Marc Haber | 20 Sep 2007 16:46

Re: Need your comments about real-foo and lowuid mechanisms

On Thu, Sep 20, 2007 at 03:31:03PM +0200, Andreas Metzler wrote:
> On 2007-09-16 Marc Haber <mh+pkg-exim4-devel <at> zugschlus.de> wrote:
> -------------------------------------------------
> ### router/300_exim4-config_real_local
> #################################
> 
> # This router allows reaching a local user while avoiding local
> # processing. This can be used to inform a user of a broken .forward
> # file, for example. The userforward router does this.
> # Only mails generated on the local machine are considered by this
> # router.
> 
> .ifndef COND_LOCAL_SUBMITTER
> COND_LOCAL_SUBMITTER = "\
>                ${if match_ip{$sender_host_address}{:@[]}\
>                     {1}{0}\
>                 }"
> .endif
> 
> real_local:
>   debug_print = "R: real_local for $local_part@$domain"
>   driver = accept
>   domains = +local_domains
>   local_part_prefix = real-
>   check_local_user
>   transport = LOCAL_DELIVERY
> -------------------------------------------------
> 
> NEWS/changelog/README might note that setting
> COND_LOCAL_SUBMITTER = true
