I wanted to run the SMTP email server exim (https://www.exim.org/) inside Gramine. However, there seem to be some problems:
- First, exim is very precise about the current user that is running the binary (root user, non-root user), which seems to interfere with the concept of Gramine exposing root as the default user to the enclave; yes, you can specify the UID and GID, but I haven't found a working configuration (yet). In particular, exim often calls itself via exim, but as another user, to send an email (depending on which permissions are needed).
- Secondly, exim uses some system calls (e.g., getrlimit, setrlimit, or getgroups) which seem to fail consistently.
Here are some error messages that occurred:
- getrlimit(RLIMIT_NOFILE) failed: Bad address
- exim: getgroups() failed: Bad address
- failed to write to main log: length=65 result=-1 errno=9 (Bad file descriptor)
- Gramine also logs the following warning, but I cannot identify if this is a larger problem: [P1:T1:exim] warning: "struct msghdr" ancillary data is not supported
How could I fix those problems, ideally in a very generic way by, e.g., adjusting the Gramine manifest, and not by changing a lot of the actual code?
Apart from that, if it is not likely that exim can easily be made to work within Gramine: does anyone have experience with which SMTP server might be easily adapted to run in Gramine and supports TLS as well as password authentication?