Hi, Tim. Returning to our previous discussion: It probably makes sense to run exim as exim.exim, not as mail.mail.

/usr/src/redhat/SOURCES/Local-Makefile.patch
+EXIM_UID=8
+EXIM_GID=12

There are plenty of setuid programs which have the mail user and/or group:

/usr/bin/procmail
/usr/bin/lockfile
/bin/mail

and probably various other mail-related programs. If there is a bug in any of them then they can read the memory of the exim process and thus do anything to it.

How hard (from an organizational perspective) is it to get a new UID.GID exim.exim in the RedHat distribution, as it was suggested by exim author Phil Hazel?
In addition: changing the uid.gid to exim.exim may require a change in the permissions of the following directories:

/var/log/exim
/var/spool/exim
/var/spool/exim/*
Another issue: looking at exim.spec I see:

%defattr(-,root,mail)
%config(noreplace) /etc/exim.conf
%config(noreplace) /etc/aliases

Why is the owner of the config files root.mail and not root.root?
Yes. (exim-3.22-10 fixes up the permissions on /var/spool/exim to mail.mail already, which it wasn't doing before.) Next time around I'll see about creating exim.exim, but for this release I think it might be too late.
We no longer ship exim.
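
An added example, not part of the original thread or of the exim packaging: a Python audit that lists the setuid/setgid binaries which would run with the same uid or gid as the daemon, which is the overlap the report describes. The ids 8 and 12 are taken from the EXIM_UID/EXIM_GID lines quoted above; the function names and the scanned directories are assumptions made for illustration.

```python
import os
import stat

# Assumption: daemon ids as quoted in the thread (EXIM_UID=8, EXIM_GID=12).
DAEMON_UID = 8
DAEMON_GID = 12


def shared_identity(mode, owner_uid, owner_gid, daemon_uid, daemon_gid):
    """Return the ways an executable would take on the daemon's uid or gid."""
    reasons = []
    if not stat.S_ISREG(mode):
        return reasons  # setgid on a directory only affects group inheritance
    if mode & stat.S_ISUID and owner_uid == daemon_uid:
        reasons.append("setuid")
    # Without group-execute the setgid bit does not change the gid at exec time.
    if mode & stat.S_ISGID and mode & stat.S_IXGRP and owner_gid == daemon_gid:
        reasons.append("setgid")
    return reasons


def audit(roots, daemon_uid=DAEMON_UID, daemon_gid=DAEMON_GID):
    """Walk the given directories and return sorted (path, reasons) findings."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: do not follow symlinks
                except OSError:
                    continue  # unreadable or vanished entry
                reasons = shared_identity(
                    st.st_mode, st.st_uid, st.st_gid, daemon_uid, daemon_gid
                )
                if reasons:
                    findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Directories named in the report; extend the list for a full audit.
    for path, reasons in audit(["/usr/bin", "/bin"]):
        print(path, "+".join(reasons))
```

An empty result for the daemon's own dedicated uid and gid is the state the report asks for with exim.exim.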