Re: [exim-dev] EXPN and :fail:

Author: Philip Hazel
Date:  
To: exim-dev
Subject: Re: [exim-dev] EXPN and :fail:
On Wed, 26 Jan 2005, Adam M. Costello wrote:

> For comparison, I observe that exim3 (3.35) shows the :fail: message for
> all three commands, but shows a filter fail message only for EXPN, not
> for VRFY or RCPT.


Just had time to take a quick look at the code. The change does seem to
be deliberate, though I cannot find any documentation of when or why it
happened. However, the change is there in Exim 4.00, so I think it must
date from the great 3->4 upheaval, where a lot of individual changes
didn't get noted.

For release 4.11, the additional restriction of requiring the caller to
be an admin user was added. The ChangeLog for this mentions only defer
rather than hard errors, but the change was made for both.

The reason for the restriction was to prevent "private" information
escaping. At the level this is output, all Exim knows is that
verification failed, and here is the error message. It no longer knows
that it was specifically :fail: that generated the message. The problem
is that the message might be something internal such as a failed
expansion, and that might contain, for example, LDAP password
information.

[I'm now offline for the best part of a week.]

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.