I'd like all mail to system users to go to root, which is then forwarded
to me. The inspiration was the discovery that some system accounts were
getting actual mail, and I hadn't noticed. /etc/alias does not list all
system users, though a fair number are in there and set to root.

307768 has discussion of this, but the example there fails addresses and
involves resequencing some of the default files. On the other hand, I
do want to capture even the real-* addresses.

So how does this router look?

250_rb_catch_system (before the real-* router):

catch_system_uids:
  driver = redirect
  domains = +local_domains
  user = ! root
  local_part_prefix = real-
  local_part_prefix_optional = true
  check_local_user
  condition = ${if or{{<{$local_user_uid}{1000}}{>{$local_user_uid}{29999}}}}
  data = root

--
Ross Boylan wk: (415) 514-8146
185 Berry St #5700 ross@biostat.ucsf.edu
Dept of Epidemiology and Biostatistics fax: (415) 514-8150
University of California, San Francisco
San Francisco, CA 94107-1739 hm: (415) 550-1062

On 2005-10-07 Ross Boylan <ross@biostat.ucsf.edu> wrote:
> I'd like all mail to system users to go to root, which is then forwarded
> to me. The inspiration was the discovery that some system accounts were
> getting actual mail, and I hadn't noticed. /etc/alias does not list all
> system users, though a fair number are in there and set to root.

> 307768 has discussion of this, but the example there fails addresses and
> involves resequencing some of the default files. On the other hand, I
> do want to capture even the real-* addresses.

Hello,
Imho real-* should either be dealt with identically as in other
scenarios (i.e. real-* _forces_ /local/ delivery with LOCAL_DELIVERY)
or be rejected. Redirecting it to a possible non-local address seems
to be wrong.

I think changing the real-* router to ignore system-users might be
better. This way the new router could go _after_ the system aliases
router, which I think to be a must. - The new router must not override
/etc/aliases. Actually I think it should be one of the very last
routers, right before local_user.

> So how does this router look?

> 250_rb_catch_system (before the real-* router):

> catch_system_uids:
>   driver = redirect
>   domains = +local_domains
>   user = ! root
>   local_part_prefix = real-
>   local_part_prefix_optional = true
>   check_local_user
>   condition = ${if or{{<{$local_user_uid}{1000}}
>     {>{$local_user_uid}{29999}}}}
>   data = root

29999 seems to be wrong, system-users live in 0-999 and 60000-64999
(/usr/share/doc/base-passwd/README). And I am already feeling queasy
about ignoring such a broad range, I am sure there are lots of
(misconfigured) systems around that are using 60000-63000 for normal
accounts.

cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha. Neal Stephenson in "Snow Crash"

On Sat, Oct 08, 2005 at 10:02:49AM +0200, Andreas Metzler wrote:
> On 2005-10-07 Ross Boylan <ross@biostat.ucsf.edu> wrote:
> > I'd like all mail to system users to go to root, which is then forwarded
> > to me. The inspiration was the discovery that some system accounts were
> > getting actual mail, and I hadn't noticed. /etc/alias does not list all
> > system users, though a fair number are in there and set to root.
>
> > 307768 has discussion of this, but the example there fails addresses and
> > involves resequencing some of the default files. On the other hand, I
> > do want to capture even the real-* addresses.
>
> Hello,
> Imho real-* should either be dealt with identically as in other
> scenarios (i.e. real-* _forces_ /local/ delivery with LOCAL_DELIVERY)
> or be rejected. Redirecting it to a possible non-local address seems
> to be wrong.

The redirection is to root; on my system the eventual delivery is
local. Admittedly, this is not true in general.

>
> I think changing the real-* router to ignore system-users might be
> better. This way the new router could go _after_ the system aliases
> router, which I think to be a must. - The new router must not override
> /etc/aliases. Actually I think it should be one of the very last
> routers, right before local_user.

That seems like a good way to change the sequencing. In the current
scheme could a snippet go after the real-* router, e.g.,

310_exim4-config_real_local_excludes:
  condition = ! ${if or{{<{$local_user_uid}{1000}}
    {>{$local_user_uid}{29999}}}}

I'm not very aware of the conditions under which a real* address would
be used (I think error messages in the default config), but I am aware
that if mail goes to one of the system users I will probably never see
it.

>
> > So how does this router look?
>
> > 250_rb_catch_system (before the real-* router):
>
> > catch_system_uids:
> >   driver = redirect
> >   domains = +local_domains
> >   user = ! root
> >   local_part_prefix = real-
> >   local_part_prefix_optional = true
> >   check_local_user
> >   condition = ${if or{{<{$local_user_uid}{1000}}
> >     {>{$local_user_uid}{29999}}}}
> >   data = root
>
> 29999 seems to be wrong, system-users live in 0-999 and 60000-64999
> (/usr/share/doc/base-passwd/README). And I am already feeling queasy
> about ignoring such a broad range, I am sure there are lots of
> (misconfigured) systems around that are using 60000-63000 for normal
> accounts.

Thanks for the info; I was copying from the bug report I mentioned
originally. That report does note that more careful ways of getting
the range would be good.

My immediate concern is with my own systems; clearly the standard for
making something part of the distribution is higher.

> cu andreas
>

P.S. I notice that the 300_exim4-config_real_local snippet begins
### router/400_exim4-config_system_aliases
That doesn't look quite right :)

Also, I recall reading that exim4-config was not dependent on exim4 so
that the configuration could be set up prior to activating the system.
However, installing it on my exim3 system kicks out exim3, I think
because exim4-config conflicts with exim. It would be great if that
didn't happen. (Only relation to previous stuff is that I was trying
to look at the exim4 configuration on my exim3 machine to respond to
the earlier points.)

On Sat, Oct 08, 2005 at 08:48:48AM -0700, Ross Boylan wrote:
> > I think changing the real-* router to ignore system-users might be
> > better. This way the new router could go _after_ the system aliases
> > router, which I think to be a must. - The new router must not override
> > /etc/aliases. Actually I think it should be one of the very last
> > routers, right before local_user.
>
> That seems like a good way to change the sequencing. In the current
> scheme could a snippet go after the real-* router, e.g.,
> 310_exim4-config_real_local_excludes:
>   condition = ! ${if or{{<{$local_user_uid}{1000}}
>     {>{$local_user_uid}{29999}}}}

That strikes me as actually very fragile. If we introduce this, we
should do so in the real_local file itself.

> I'm not very aware of the conditions under which a real* address would
> be used (I think error messages in the default config), but I am aware
> that if mail goes to one of the system users I will probably never see
> it.

It is basically meant to have a means to reach a user even if its mail
setup is somehow screwed. I don't feel quite strongly about this.

Afaics, this was taken verbatim from exim 3, and exim are the only
Debian packages having that kind of exception mechanism. This might be
motivation to remove it entirely, or to do it _right_, using the
methods outlined in this thread, and to get rid of the constantly
broken mechanism of redirection of system accounts in /etc/aliases as
well.

I still believe that this needs discussion on debian-devel. Anybody
wants to start that discussion?

> My immediate concern is with my own systems; clearly the standard for
> making something part of the distribution is higher.

Right. And since we use dpkg-conffiles here, you're free to do your
local changes there without having us object.

> P.S. I notice that the 300_exim4-config_real_local snippet begins
> ### router/400_exim4-config_system_aliases
> That doesn't look quite right :)

That one was actually already (partially) fixed in svn, and I have not
fully fixed it.

> Also, I recall reading that exim4-config was not dependent on exim4 so
> that the configuration could be setup prior to activating the system.
> However, installing it on my exim3 system kicks out exim3, I think
> because exim4-config conflicts with exim. It would be great if that
> didn't happen. (Only relation to previous stuff is that I was trying
> to look at the exim4 configuration on my exim3 machine to respond to
> the earlier points.)

The package dependencies have been a mess to work out. I'd like to
avoid changing them in the next few million years unless somebody
suggesting a change gives sufficient proof that the change has been
checked and tested to hell and back.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

On Sat, Oct 08, 2005 at 10:02:49AM +0200, Andreas Metzler wrote:
> On 2005-10-07 Ross Boylan <ross@biostat.ucsf.edu> wrote:
> > I'd like all mail to system users to go to root, which is then forwarded
> > to me. The inspiration was the discovery that some system accounts were
> > getting actual mail, and I hadn't noticed. /etc/alias does not list all
> > system users, though a fair number are in there and set to root.
>
> > 307768 has discussion of this, but the example there fails addresses and
> > involves resequencing some of the default files. On the other hand, I
> > do want to capture even the real-* addresses.
>
> Imho real-* should either be dealt with identically as in other
> scenarios (i.e. real-* _forces_ /local/ delivery with LOCAL_DELIVERY)
> or be rejected. Redirecting it to a possible non-local address seems
> to be wrong.

Confirmed.

> I think changing the real-* router to ignore system-users might be
> better. This way the new router could go _after_ the system aliases
> router, which I think to be a must. - The new router must not override
> /etc/aliases. Actually I think it should be one of the very last
> routers, right before local_user.

Agreed.

> 29999 seems to be wrong, system-users live in 0-999 and 60000-64999
> (/usr/share/doc/base-passwd/README). And I am already feeling queasy
> about ignoring such a broad range, I am sure there are lots of
> (misconfigured) systems around that are using 60000-63000 for normal
> accounts.

We could use a macro here so that people running misconfigured systems
could have exim adapt. But in the default state, the behavior should
be policy compliant to the letter.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
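
Added example, not part of the thread or of exim4-config: a Python audit that lists accounts in the system UID ranges cited above (0-999 and 60000-64999) that have no /etc/aliases entry, and flags accounts in 60000-64999 that look like ordinary users. The passwd and aliases samples are constructed, and the "looks like a user" test (home under /home, login shell) is an assumed heuristic.

```python
# Debian system UID ranges as quoted in the thread (base-passwd README).
SYSTEM_UID_RANGES = ((0, 999), (60000, 64999))
# Constructed sample data (assumption), not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:60010:60010:Bob:/home/bob:/bin/bash
"""
SAMPLE_ALIASES = """\
# /etc/aliases
daemon: root
www-data: root
root: alice
"""

def is_system_uid(uid, ranges=SYSTEM_UID_RANGES):
    return any(lo <= uid <= hi for lo, hi in ranges)

def parse_passwd(text):
    """Yield (name, uid, home, shell) per passwd line; skip malformed lines."""
    for line in text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[2].isdigit():
            yield f[0], int(f[2]), f[5], f[6]

def parse_aliases(text):
    """Return aliased local parts; skips blanks, comments, continuation lines."""
    names = set()
    for line in text.splitlines():
        if not line.strip() or line[0] in "# \t" or ":" not in line:
            continue
        names.add(line.split(":", 1)[0].strip().lower())
    return names

def audit(passwd_text, aliases_text):
    """Return (system accounts with no alias, person-like accounts in 60000+)."""
    aliased = parse_aliases(aliases_text)
    unaliased, person_like = [], []
    for name, uid, home, shell in parse_passwd(passwd_text):
        if not is_system_uid(uid):
            continue
        if name.lower() not in aliased:
            unaliased.append(name)  # mail here is delivered locally, unseen
        if (uid >= 60000 and home.startswith("/home/")
                and not shell.endswith(("nologin", "false"))):
            person_like.append(name)  # heuristic: a "normal" account in a system range
    return unaliased, person_like
```

On a real host, pass the contents of /etc/passwd and /etc/aliases to `audit()`; any name in the second list is an account a UID-range router would redirect to root even though it appears to belong to a person.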