#1
Some time ago I started this thread, but had no time to finish it properly.

http://groups.google.com/group/comp....1ac90d13dc6b97

I have thought about this problem again, and it all boils down to users misusing their ability to start /usr/lib/sendmail to initiate, say, redirects from Sieve scripts etc.

The MTA is doing some sanity checking on sender/recipient pairs, and some recipients are to be mailed to by authorized senders only. Currently I trust localhost to pass a valid envelope from, though there are requests that undermine this assumption.

The easiest way for me would be if I could get the submitter (aka /usr/lib/sendmail) to pass the original UID of the calling user on to the MTA.

To Andrew: I do not really have "user groups"; it is rather organized so that a milter checks either "is authorized at all", or "is a member of the allow list of recipient XYZ", or "is a member of a particular POSIX group".

ska
#2
ska <skg@mail.inf.fh-brs.de> wrote:
> Some time ago I started this thread, but had no time to end it
> properly.
>
> http://groups.google.com/group/comp....1ac90d13dc6b97
>
> I have rethought about this problem and all boils down to the misuse
> of users having the ability to start /usr/lib/sendmail to initiate,
> say redirects from Sieve scripts etc.
>
> The MTA is doing some sanity checking about sender/recipient pairs and
> some recipients are to be mailed to by authorized senders only.
> Currently I trust localhost to pass a valid envelope from, though
> there are requests that undermine this assumption.
>
> The most easy way for me would be, if I can get the submitter (aka
> /usr/lib/sendmail) to pass the original UID of the calling user toward
> the MTA.
>
> To Andrew: I do not really have "user groups", it's rather organized
> like so that a milter checks the either "if authorized at all" or "is
> member of the allow list of recipient XYZ" or "is member of a
> particular POSIX group".

1) You can trust the $_ info for connections from 127.0.0.1 as "computed" by the MTA daemon (it will give you the "user id"); the milter can get it directly. It would handle most cases except the MSA delivery retries in point 2.

2) You may trust the $_ as inserted by the MSA if the connection from 127.0.0.1 is from the "user designated to run the MSA queue"; the milter may retrieve it from the Received: headers. It would handle the cases of "MSA delivery retries".

--
[pl>en Andrew]
Andrzej Adam Filip : anfi@onet.eu : anfi@xl.wp.pl
The 'A' is for content, the 'minus' is for not typing it. Don't ever do this to my eyes again.
  -- Professor Ronald Brady, Philosophy, Ramapo State College
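The two-source check Andrew describes, written out as an added example that is not part of the original thread and not anyone's posted code. It is pure decision logic: no libmilter binding is used, the inputs are what a milter would read from the `{client_addr}` and `_` macros and from the message's Received: headers. The name of the MSP queue-runner user, the exact `$_` and Received: formats matched by the regular expressions, and the recipient/group policy tables are all assumptions constructed for this example; check them against your own sendmail version before relying on them.

```python
"""Work out which local Unix user submitted a message to the MTA.

Source 1 (point 1 above): on a loopback SMTP connection sendmail's $_ macro
carries the ident answer, "user@host [addr]", which names the UID that owns
the connecting socket, i.e. the user who ran /usr/lib/sendmail.
Source 2 (point 2 above): when the MSP queue runner retries a delivery, ident
names the runner instead, so the original submitter is taken from the
Received: header the MSP stamped on the message.
All constants and sample values below are constructed for this example.
"""
import re
from typing import Optional, Sequence, Tuple

LOOPBACK = frozenset({"127.0.0.1", "::1", "IPv6:::1"})

# Assumption: the MSP (sendmail -Ac) queue is flushed by this user, so an
# ident answer naming it means a delivery retry, not a fresh submission.
MSP_QUEUE_USERS = frozenset({"smmsp"})

# $_ on an SMTP connection: "user@host [addr]" if identd answered, else
# "host [addr]", optionally followed by "(may be forged)".  Assumed format.
_VALIDATED_RE = re.compile(
    r"^(?:(?P<user>[^@\s\[]+)@)?(?P<host>[^\s\[]+)\s*\[(?P<addr>[^\]]+)\]"
    r"(?P<forged>\s*\(may be forged\))?\s*$"
)

# The Received: line the MSP stamps on a command-line submission, e.g.
#   (from ska@localhost) by mail.example.org (8.14.4/8.14.4/Submit) id ...
# Assumed format; the "/Submit" tag is what marks it as the MSP's own header.
_MSP_RECEIVED_RE = re.compile(
    r"^\(from\s+(?P<user>[^@\s)]+)@localhost\)\s+by\s+\S+\s+\([^)]*/Submit\)",
    re.IGNORECASE,
)


def parse_validated_sender(macro: str) -> Optional[Tuple[Optional[str], str, str, bool]]:
    """Split a $_ value into (ident user or None, host, address, forged flag)."""
    m = _VALIDATED_RE.match(macro.strip())
    if not m:
        return None
    return m.group("user"), m.group("host"), m.group("addr"), bool(m.group("forged"))


def submitting_user(client_addr: str, validated_sender: str,
                    received: Sequence[str]) -> Optional[Tuple[str, str]]:
    """Return (user, source) or None when the submitter cannot be trusted.

    source is "ident" for point 1 and "received" for point 2.  `received` is
    the list of Received: header bodies in message order, topmost first.
    """
    if client_addr not in LOOPBACK:
        return None  # remote peer: ident is not ours to trust, use auth_* instead
    parsed = parse_validated_sender(validated_sender)
    if parsed is None:
        return None
    user, _host, addr, forged = parsed
    if forged or addr not in LOOPBACK or user is None:
        return None  # no usable ident answer: anonymous localhost, do not guess
    if user not in MSP_QUEUE_USERS:
        return user, "ident"
    # Queue-runner retry: only the topmost Received: header is the MSP's own;
    # anything below it may have been supplied by the submitting user.
    if received:
        m = _MSP_RECEIVED_RE.match(" ".join(received[0].split()))
        if m:
            return m.group("user"), "received"
    return None


# Constructed policy: restricted recipients, each with an allow list of users
# and/or POSIX groups.  GROUPS stands in for grp lookups so this runs offline.
RESTRICTED = {
    "all-staff@example.org": {"users": {"ska"}, "groups": {"staff"}},
    "board@example.org": {"users": set(), "groups": {"board"}},
}
GROUPS = {"staff": {"ska", "anna"}, "board": {"anna"}}


def sender_allowed(user: Optional[str], recipient: str) -> bool:
    """Apply the allow-list / group check once the submitter is known."""
    rule = RESTRICTED.get(recipient.lower())
    if rule is None:
        return True  # unrestricted recipient
    if user is None:
        return False  # unidentified submitter never reaches a restricted address
    if user in rule["users"]:
        return True
    return any(user in GROUPS.get(g, set()) for g in rule["groups"])
```

In a real milter `submitting_user` would run once the header phase is complete (the connect-time macro alone is not enough for the retry case), and the `RESTRICTED`/`GROUPS` tables would be replaced by the site's own lookups. The caveat that matters for security is the `received[0]` restriction: a user who runs `/usr/lib/sendmail -t` can include any Received: lines they like in the message, but the MSP prepends its own, so only the first one is evidence of anything.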
#3
Hm, I wonder why I missed $_ before and honored the auth_* macros only; maybe because sendmail stuffs ident information there, which I would normally ignore, but localhost I trust.

> 1) you can trust $_ info for connections from 127.0.0.1 as "computed" by
> MTA daemon (it will give you "user id") - milter can get it directly.
> 2) you may trust $_ as inserted by MSA if connection from 127.0.0.1 is
> from "user designated to run MSA queue" - milter may retrieve it from
> Received: headers.
> It would handle cases of "MSA delivery retries"

Yep, the info is right there; going to code it now. Thanks, Andrew!