Returning to our previous discussion:
It probably makes sense to run exim
as exim.exim , not as mail.mail
There is a plenty of setud programs which have mail user and/or group:
and probably various other mail related programs.
If there is a bug in any of them then they can read
memory of exim process and thus do anything to it.
How hard (from organizational perspective)
is to get new UID.GID exim.exim
in RedHat distribution,
as it was suggested by exim author Phil Hazel.
change uid.gid to exim.exim may require change in permissions
of the following directories
looking at exim.spec I see:
why the owner of config files is root.mail
and not root.root
Yes. (exim-3.22-10 fixes up the permissions on /var/spool/exim to mail.mail
already, which it wasn't doing before.)
Next time around I'll see about creating exim.exim, but for this release I think
it might be too late.
We no longer ship exim.