Hello everyone,
I wanted to run the SMTP email server exim (https://www.exim.org/) inside Gramine. However, there seem to be some problems:
- At first, exim is very precise about the current user that is running the binary (root user, non-root user), which seems to interfere with the concept of Gramine exposing root as the default user to the enclave; yes, you can specify the UID and GID, but I haven't found a working configuration (yet). Especially, exim is often calling itself via exim, but with another user to send an email (depending on which permissions are needed).
- Secondly, exim uses some system calls (e.g., getrlimit, setrlimit, or getgroups) which seem to fail consistently.
Here are some error messages that occurred:
- getrlimit(RLIMIT_NOFILE) failed: Bad address
- exim: getgroups() failed: Bad address
- failed to write to main log: length=65 result=-1 errno=9 (Bad file descriptor)
- Gramine also logs the following warning, but I cannot identify if this is a larger problem: [P1:T1:exim] warning: "struct msghdr" ancillary data is not supported
How could I fix those problems, at best in a very generic way by, e.g., adjusting the Gramine manifest, and not by changing a lot of the actual code?
Apart from that, if that is not likely to make exim work easily within Gramine: does anyone have experience with which SMTP server might be easily adapted to run in Gramine and supports TLS as well as password authentication?
Best regards,
Gabriel