On Tue, Nov 12, 2019 at 05:13:05PM -0500, Viktor Dukhovni wrote:
> > To achieve this, I'd like to set up Postfix+Linux -based outgoing mail
> > server, possibly with some helper daemon. Any incoming TCP connection on
> > localhost:25 where Postfix listens will be handled in a way dependent on
> > the UID of the process that initiated it. In short, I want to police the
> > emails based not on the sender email address or IP address, but based on
> > the sender UNIX UID.
>
> The bad news is that on a multi-processing Linux system it is
> not possible to reliably determine the UID at the other end of
> a loopback TCP connection. The data in /proc/net/tcp or
> exposed via AF_NETLINK lacks the read/write barriers required
> to ensure that the client pid/uid are visible on the server's
> CPU at the time that the server accepts the client's connection.
I should perhaps note that my colleagues and I have seen problems
determining the peer uid (in an HTTP proxy) when the client is
Firefox, and not when the client is curl or multi-threaded C-code
that tried to "emulate" Firefox. So one could perhaps be "lucky"
with the particular mix of clients one needs to support, but...
Even one is able to extract peer uid data for loopback TCP sockets
on Linux (via AF_NETLINK sockets, and/or parsing /proc/net/tcp).
That's rather platform-specific code, that won't work beyond Linux,
and I don't see this as a likely Postfix feature at present.
--
Viktor.
