Q0029
Nigel Metheringham edited this page Nov 29, 2012
·
2 revisions
I can't seem to figure out why PAM support doesn't work correctly.
There is a problem using PAM with shadow passwords when the calling program is not running as root. Exim is normally running as the Exim user when authenticating a remote host.
-
One solution can be found at http://www.e-admin.de/pam_exim/.
-
PAM 0.72 allows authorization as non-root, using setuid helper programs. Furthermore, in /etc/pam.d/exim you can explicitly specify that this authorization (using setuid helpers) is only permitted for certain users and groups.
-
Another approach is to authenticate using the saslauthd daemon, which has its own interface to PAM. The daemon runs as root, so there is no access problem.
-
One suggested solution was to set
exim_group=shadow
in the configuration file, or the equivalent at build time. This is very strongly discouraged. Do not do it! It works, but it's a potential security exposure. Exim is intended to run as a non-privileged user for much of the time. This setting gives it have privileged access to crucial security information all of the time, simply for the purposes of authentication (which Exim will only spend a tiny part of its total time doing). The result is that a successful compromise of the Exim system can give someone direct access to the system passwords.
- Exim is crashing. What is wrong?
- Exim is not working. What is wrong? How can I check what it is doing?
- What does the error *Child process of address_pipe transport returned
- My virtual domain setup isn't working. How can I debug it?
- Why is Exim not rejecting incoming messages addressed to non-existent
- I've put an entry for
*.my.domainin a DBM lookup file, but it isn't - I've put the entry
*@domain.comin a lookup database, but it isn't - If I run
./exim -d -bt user@domainall seems well, but when I send a - What does *no immediate delivery: too many messages received in one SMTP
- Exim puts for address in the Received: headers of some, but
- Instead of exim_dbmbuild, I'm using a homegrown program to build DBM
- Exim is unable to route to any remote domains. It doesn't seen to be
- What does the error message *transport system_aliases: cannot find
- Exim is timing out after receiving and responding to the DATA command
- What does the message *Socket bind() to port 25 for address (any)
- I've set
verify = header_syntaxin my ACL, but this causes Exim to - Whenever Exim tries to deliver a specific message to a particular
- Why do messages not get delivered down the same connection when I do
- There seems to be a problem in the string expansion code: it doesn't
- Why do connections to my machine's SMTP port take a long time to respond
- What does failed to create child process to send failure message mean?
- What does No transport set by system filter in a log line mean?
- Why is Exim refusing to relay, saying *failed to find host name from IP
- When I run
exim -bd -q10mI get PANIC LOG: exec of exim -q failed. - I can't seem to get a pipe command to run when I include a
${if - I'm trying to get Exim to connect an alias to a pipe, but it always
- What does the error Spool file is locked mean?
- Exim is reporting IP addresses as 0.0.0.0 or 255.255.255.255 instead of
- I can't seem to figure out why PAM support doesn't work correctly.
- I'm trying to use a query-style lookup for hosts that are allowed to
- Exim is rejecting connections from hosts that have more than one IP
- Exim is failing to find the MySQL library, even though is it present
- What does the error lookup of host "xx.xx.xx" failed in yyy router
- Exim works fine on one host, but when I copied the binary to another
- I set a
hostscondition in an ACL to do a lookup in a file of IP - Why do I get the error *Permission denied: creating lock file hitching
- I am experiencing mailbox locking problems with Sun's
mailtoolused - What does the error message *error in forward file (filtering not
- I have installed Exim, but now I can't mail to root any more. Why is
- How can I stop undeliverable bounce messages (e.g. to routeable, but
- What does the message *unable to set gid=ddd or uid=ddd (euid=ddd):
- My ISP's mail server is rejecting bounce messages from Exim, complaining
- What does the error *Unable to get interface configuration: 22 Invalid
- What does the error Failed to create spool file mean?
- I see entries in the log that mention two different IP addresses for the
- A short time after I start Exim I see a defunct zombie process. What is
- On a reboot, or a restart of the mail system, I see the message *Mailer
- Whenever exim restarts it takes up to 3-5 minutes to start responding on
- What does the log message *no immediate delivery: more than 10 messages
- I am getting complaints from a customer who uses my Exim server for
- When I test my system filter with -bf, I get the error *filtering
- What does ridiculously long message header in an error report mean?
- Exim on my host responds to a connection with
220 *****...and won't - I'm getting an Exim configuration error *unknown rewrite flag character
- What does the error *Failed to open wait-remote_smtp database: Invalid
- We are using Exim to send mail from our web server. However, whenever a
- We've got people complaining about attachments that don't show up as
- What does the error failed to open DB file /var/spool/exim/db/retry*:
- When my Outlook Express 6.0 client sends a STARTTLS command to begin a
- Why am I getting the error failed to expand
/data/lists/lists/${lc - What does the error Too many Received headers - suspected mail loop mean?
- When I try to start an Exim daemon with -bd it crashes. I ran a
- When I try to start an Exim daemon, nothing happens. There is no
- When I run
exim -d test@domainit delivers fine, but when I send a - When (as root) I use -C to run Exim with an alternate configuration
- What does the message unable to set gid=xxx or uid=xxx mean?
- What does the error too many unrecognized commands mean?
- Exim times out when trying to connect to some hosts, though those hosts
- What does the error *SMTP data timeout (message abandoned) on connection
- What does the error SMTP command timeout on connection from... mean?
- What does the error failed to open DB file /var/spool/exim//db/retry*:
- Exim will deliver to normal aliases, and aliases that are pipes or
- I'm seeing log file corruption, with parts of log lines getting mangled
- What does the error message *remote delivery process count got out of
- I'm using LDAP, and some email addresses that contain special characters
- I've configured Exim to use syslog for its logs, with the main and
- I've installed Exim and it is delivering mail just fine. However, when I
- Exim is logging the unknown SMTP command
XXXXfrom my client hosts, - Our new PIX firewall is causing problems with incoming mail. How can
- Am I to understand that the database lookups must only return one value?
- What does error in redirect data: included file xxxx is too big mean?
- What does relocation error: /lib/libnss_dns.so.2: symbol
- Netscape on Unix is sending messages containing an unqualified user name
- I want to set up an alias that pipes a message to gpg and then pipes
- I see a lot of rejected EHLO ... syntactically invalid argument(s). I
- What does *SMTP protocol violation: synchronization error (next input
- What does *rejected after DATA: malformed address: xx@yy may not follow
- The Windows mailer SENDFILE.EXE sometimes hangs while trying to send a
- What does the error *kernel: application bug: exim(12099) has SIGCHLD
- I can't seem to get a pipe command to run when I include a
${lookup - Why is Exim giving the error *Failed to send message from address_reply
- The error message Program received signal SIGINT, Interrupt. occurs
- Why is email not being received? Messages are being lost with no entry