Re: [Exim] Does Exim have security problems?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Exim Users Mailing List
Date:  
À: Dr Andrew C Aitchison
CC: Exim Users Mailing List
Sujet: Re: [Exim] Does Exim have security problems?
[ On Tuesday, September 5, 2000 at 14:21:07 (+0100), Dr Andrew C Aitchison wrote: ]
> Subject: Re: [Exim] Does Exim have security problems?
>
> I don't agree that .forward files will have nothing secret in them.
> There isn't much secret about a .forward file that only contains a
> single forwarding address, but if exim filtering is enabled they could
> contain much more than that; including addresses of regular/important
> corrspondents. I'm not sure that I'd want to make mine readable by all
> my users.


Why would you put that information in your .forward file in the verst
place?

Such sensitive information can just as easily live in another separate
configuration file read only by the filtering software itself and thus
even exim can't be directly tricked into revealing its contents to your
users.

(Note that a user able to invoke the mailer with debugging options
turned on may be able to see, or infer, at least some of the contents of
your .forward file anyway.)

-- 
                            Greg A. Woods


+1 416 218-0098      VE3TCP      <gwoods@???>      <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>