On Mon, May 19, 2025 at 03:07:45PM +0100, Richard Lewis wrote:
On Mon, 19 May 2025 at 12:29, Marc Haber
<[email protected]> wrote:
On Sat, May 17, 2025 at 06:58:56PM +0100, Richard Lewis wrote:
>There is a known 'incompatibility' between systemd and exim that both
>upstreams have explicitly declined to address - but it's
>not clear (to me anyway) why you are hitting this -- i've been using
>systemd and logcheck (and several other local email-sending units) for
>over a year with hardening and (after much pain) it now works for me - i
>get an email every single day from a shell script in a systemd unit.
And all those scripts also deliver via /usr/lib/sendmail?
not sure --- i just use mail (from mailutils) -- and logcheck uses
mime-construct -- these may call sendmail ?
They most probably do.
systemd semantics have changed our systems so much that this method does
no longer work with all MTAs. I think that I should write some docs about
that. But that's ugly and going to demotivate me. But having this
documented is probably necessary.
Are you referring to the suid issue that I mentioned or is that
incompatibility something else?
not sure --
https://systemd-devel.freedesktop.narkive.com/nV1QMO8j/exim4-only-queues-mails-sent-by-systemd-service
Ugh. A classical case of systemd changing the way Unix systems have
always worked and then declaring that the other side is broken. Unix
mailers have delivered e-mail that way since before Lennart Pöttering
was born.
I entirely understand that exim doesn't want to change its way of
operating just because systemd wants it to.
I think that it depends whether the process calling out to
/usr/lib/sendmail waits for the process to complete or not.
Me neither -- this
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106030 is the only
reproducible "issue" i have seen in the logcheck unit (and it doesn't
match this bug)
@Marc Haber would love your more expert view on that bug - and to
correct the likely flawed terminology in there!)
ps, my other email-sending units work with the following hardening
(not complete) - as long as i add a "sleep" after sending the email.
(but logcheck us using has none of these)
This is probably the situation described in the systemd-devel discussion
over there. Sorry, I'm going to keep myself out of there, it is too
frustrating to deal with this kind of systemd arrogance.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421