Re: [Exim] Does Exim have security problems?

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Exim Users Mailing List
Data:  
Para: Dr Andrew C Aitchison
CC: Exim Users Mailing List
Assunto: Re: [Exim] Does Exim have security problems?
[ On Tuesday, September 5, 2000 at 14:21:07 (+0100), Dr Andrew C Aitchison wrote: ]
> Subject: Re: [Exim] Does Exim have security problems?
>
> I don't agree that .forward files will have nothing secret in them.
> There isn't much secret about a .forward file that only contains a
> single forwarding address, but if exim filtering is enabled they could
> contain much more than that; including addresses of regular/important
> corrspondents. I'm not sure that I'd want to make mine readable by all
> my users.


Why would you put that information in your .forward file in the verst
place?

Such sensitive information can just as easily live in another separate
configuration file read only by the filtering software itself and thus
even exim can't be directly tricked into revealing its contents to your
users.

(Note that a user able to invoke the mailer with debugging options
turned on may be able to see, or infer, at least some of the contents of
your .forward file anyway.)

-- 
                            Greg A. Woods


+1 416 218-0098      VE3TCP      <gwoods@???>      <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>