This chapter collects a number of items that do not fit naturally into the other chapters, but are too small to warrant individual chapters of their own.
We use the word “security” to cover all aspects of the operation of Exim that are concerned with letting it perform privileged actions not permitted to ordinary user programs. It also covers aspects concerned with keeping the messages and other data it handles secure. There are three aspects to this:
An MTA requires privilege to carry out the full range of expected functions, but it must take care to prevent its privilege from being abused. If possible, it should also relinquish privilege whenever it does not need it.
An MTA must keep the files containing the messages it handles from being accessed by ordinary user programs. Under some countries’ data protection legislation, messages and even mail logs are considered personal data, so it must be processed with appropriate care.
An MTA must provide extra facilities for its administrators (for example, the ability to delete a message on the queue) that are safe from abuse by ordinary users.
Security is an important issue because breaches of security can lead to serious consequences. The full details of the security aspects of Exim are quite involved and allow for some variation in the way it is configured. However, there are some “standard” recommendations you should normally follow, unless you are sure you understand the consequences of doing otherwise. ...