Mailing List Archive

SMTP (+auth) via unix socket?
Hello,

I’m running as root and want to send notifications to remote addresses. I’d like the first “Received” header to show “esmtpa”, but it appears that in order to do that I have to authenticate. Since I’m root and can control the server it seems like this shouldn’t be necessary, but I recognize that if IP connections are the only option to send SMTP, then authentication is necessary.

What if, though, Exim could receive SMTP via a unix socket? Exim could read the socket’s peer credentials on accept(), and if those credentials indicate that the client socket was created as root, then Exim would be justified in considering any SMTP message received from that socket to be authenticated.

It would also be a slightly faster interface into Exim since the connection wouldn’t have the TCP/IP overhead.

Has anything like this been discussed previously?

Thank you!

-Felipe Gasper
Mississauga, Ontario
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: SMTP (+auth) via unix socket?
On 08/10/2018 22:12, Felipe Gasper via Exim-users wrote:
> What if, though, Exim could receive SMTP via a unix socket? Exim could read the socket’s peer credentials on accept(), and if those credentials indicate that the client socket was created as root, then Exim would be justified in considering any SMTP message received from that socket to be authenticated.

We'd have to write a custom authenticator type. Not impossible,
but I'm not convinced there's enough demand.

> It would also be a slightly faster interface into Exim since the connection wouldn’t have the TCP/IP overhead

Use the "-bh" option and just talk SMTP over a pipe to Exim.


Or, you could just hack on the received_header_text main configuration
option.
--
Cheers,
Jeremy

Re: SMTP (+auth) via unix socket?
On 2018-10-08, Felipe Gasper via Exim-users <exim-users@exim.org> wrote:
> Hello,
>
> I’m running as root and want to send notifications to remote
> addresses. I’d like the first “Received” header to show “esmtpa”, but
> it appears that in order to do that I have to authenticate. Since I’m
> root and can control the server it seems like this shouldn’t be
> necessary, but I recognize that if IP connections are the only option
> to send SMTP, then authentication is necessary.

The received header is a string expansion - so you can put anything at
all in there. If you want to change it, it could mean pawing over chapter
11 of the spec and typing lots of braces into the config.

> What if, though, Exim could receive SMTP via a unix socket?
> Exim could read the socket’s peer credentials on accept(), and if
> those credentials indicate that the client socket was created as root,
> then Exim would be justified in considering any SMTP message received
> from that socket to be authenticated.

root and trusted_users and trusted_groups (config settings)

It could also treat a user socket as authenticated by that user, same
as local submission... but local submission normally gets a different
method in the received header...

--
Notsodium is mined on the banks of denial.

Re: SMTP (+auth) via unix socket?
* Felipe Gasper via Exim-users [2018-10-08 17:12]:
> Hello,
>
> I’m running as root and want to send notifications to remote
> addresses. I’d like the first “Received” header to show “esmtpa”,
> but it appears that in order to do that I have to authenticate.
> Since I’m root and can control the server it seems like this
> shouldn’t be necessary, but I recognize that if IP connections are
> the only option to send SMTP, then authentication is necessary.

Pipe it to exim from command line and use "-oMr esmtpa" to specify the protocol?

Have a look at
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html
and look for options that start with -oMa...

--
-- Kirill Miazine <km@krot.org>
