spf-discuss

Re: Updates on SRS crypto

2004-02-21 07:54:27
On Sat, Feb 21, 2004 at 09:45:19AM -0500, Greg Wooledge wrote:
On Fri, Feb 20, 2004 at 11:12:31PM -0600, mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:
To read the secrets file, a program requires special privileges.

No it does not. You are assuming that the MTA has switched its running uid to
the recipient's UID at that stage. I would not implement it there.

If I recall correctly, the context for the "special privileges" part
was when a user wanted to forward mail through a ~/.forward or ~/.qmail
file using something like "|/usr/bin/srs --forward me(_at_)other(_dot_)domain".

That's just an implementation decision which I wouldn't use.

In exim, I would simply apply a router which says:

- is the sender domain non-local?
- is the recipient domain non-local?
- if so, apply SRS rewriting to the sender (i.e. plain to srs0, srs0 to srs1,
  or srs1 to srs1 with a different domain)

That makes it completely transparent to users, who can use .forward files in
their normal way.

Brian.
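
The three router checks listed in the message above, as an added Python example that is not part of the original post and is not exim configuration. It assumes the common SRS address layout (SRS0=hash=timestamp=domain=local and SRS1=hash=srs0host=remainder-of-SRS0, with "=" separators), which the post does not spell out; the domains, the secret and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

LOCAL_DOMAINS = {"forwarder.example"}  # constructed: domains this MTA is final for
FORWARDER = "forwarder.example"        # constructed: domain placed on rewritten senders
SECRET = b"constructed-demo-secret"    # constructed: site secret, readable by the MTA only


def _tag(*parts):
    """Truncated HMAC over the fields, so third parties cannot mint valid SRS addresses."""
    mac = hmac.new(SECRET, "".join(parts).lower().encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:4]


def srs_rewrite(sender, timestamp):
    """plain -> SRS0, SRS0 -> SRS1, SRS1 -> SRS1 with a different domain."""
    local, _, domain = sender.rpartition("@")
    if local.upper().startswith("SRS1="):
        # Keep the recorded SRS0 host and payload, re-sign with our secret, swap the domain.
        _, _, srs0host, rest = local.split("=", 3)
        return f"SRS1={_tag(srs0host, rest)}={srs0host}={rest}@{FORWARDER}"
    if local.upper().startswith("SRS0"):
        # Do not nest: record the first forwarder and carry its SRS0 payload unchanged.
        rest = local[4:]
        return f"SRS1={_tag(domain, rest)}={domain}={rest}@{FORWARDER}"
    # timestamp is passed in as a short opaque string (assumption: caller encodes the day).
    return f"SRS0={_tag(timestamp, domain, local)}={timestamp}={domain}={local}@{FORWARDER}"


def route(sender, recipient, timestamp):
    """Rewrite the envelope sender only when sender and recipient are both non-local."""
    if not sender:
        return sender  # null sender (bounce): nothing to rewrite
    sender_domain = sender.rpartition("@")[2].lower()
    recipient_domain = recipient.rpartition("@")[2].lower()
    if sender_domain in LOCAL_DOMAINS or recipient_domain in LOCAL_DOMAINS:
        return sender
    return srs_rewrite(sender, timestamp)
```

Because the rewrite happens in the MTA's routing step, the secret is only ever read by the MTA itself, and a user's .forward file needs no access to it.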

