Skip to content

Further security considerations #313

Description

@MrSleeps

Following on from the messages on this issue #300 , it got me thinking about vexim and security overall. Have we considered further hardening the default exim install. Is there a reason why deliver_drop_privilege hasn't been implemented?

By default, Exim runs many operations with root privileges to fully control the mail queue and deliver messages to local mailboxes. Enabling deliver_drop_privilege changes this behavior:

With deliver_drop_privilege set:

  • Exim changes its user ID and group ID to the vexim user and group at the start of delivery processes
  • It runs most operations, including address routing, in an unprivileged state
  • It does however stop exim from switching to other users (like individual local recipients) during delivery

Without deliver_drop_privilege (default):

  • Exim retains root privileges throughout delivery operations
  • It can change UIDs to match individual recipients when delivering to local mailboxes
exim_user = vexim
exim_group = vexim
deliver_drop_privilege = true
never_users = root
trusted_users = vexim

Is an example of how it could be done?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions