base.m4: Fiddle with permissions settings for local delivery transports.

[exim-config] / base.m4

diff --git a/base.m4 b/base.m4
index 887a132..75b1c4c 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -25,6 +25,7 @@
 ### Global settings.
 
 SECTION(global, priv)m4_dnl
+admin_groups = root : adm
 prod_requires_admin = false
 
 SECTION(global, logging)m4_dnl
@@ -128,7 +129,10 @@ acl_smtp_connect = connect
 SECTION(acl, connect)m4_dnl
 connect:
 SECTION(acl, connect-tail)m4_dnl
+       ## Configure variables according to the submission mode.
        warn     acl = check_submission
+
+       ## Done.
        accept
 
 check_submission:
@@ -255,21 +259,32 @@ smtp_local:
 deliver:
        driver = appendfile
        file = /var/mail/$local_part
+       group = mail
+       mode = 0600
+       mode_fail_narrower = false
        USER_DELIVERY
 
 ## Transports for user filters.
 mailbox:
        driver = appendfile
+       initgroups = true
        USER_DELIVERY
 
 maildir:
        driver = appendfile
        maildir_format = true
+       initgroups = true
        USER_DELIVERY
 
 pipe:
        driver = pipe
-       return_output = true
+       path = ${if and {{def:home} {exists{$home/bin}}} {$home/bin:} {}}\
+               /usr/local/bin:/usr/local/sbin:\
+               /usr/bin:/usr/sbin:/bin:/sbin
+       initgroups = true
+       umask = 002
+       return_fail_output = true
+       log_output = true
 
 ## A special dummy transport for use during address verification.
 dummy: