Re: [exim] Please help!

Author: Alexander V Alekseev
Date:  
To: Brian Candler
CC: exim-users
New-Topics: [exim] Re: sensitive data appearing in delay warning messages [was: Please help!]
Subject: Re: [exim] Please help!
Hello!

On Fri, 15 Apr 2005 11:41:44 +0200 Brian Candler
<B.Candler@???> wrote:
> On Thu, Apr 14, 2005 at 10:35:37PM +0400, Alexander V Alekseev wrote:
>>         Hello!
>>
>>         Exim 4.50.
>>
>>         Is there a way not to send internal Exim errors in bounce
>> messages? Even hidden data is sent back to sender ;-((
>>         For example, if some database lookup fails in router or
>> transport configuration, full lookup text, including hidden data
>> is sent back to sender.
>>         I failed to find answer in spec. ;-((

>
> Can you give a more concrete example?

         I sent it to list a few days ago:
         Some message is in queue. At the time of delivery if we
have router like this:
---------------------------------------------------------------------
SOME_LDAP_LOOKUP = ${ lookup ldap { user="<username>" pass=<pass> ldap:///<lookup text>}}


some_aliases:
driver = redirect
allow_fail = false
allow_defer = false
allow_filter = false
allow_freeze = false
forbid_blackhole = true
forbid_file = true
hide data = SOME_LDAP_LOOKUP
---------------------------------------------------------------------

         Exim generates bounce message to sender:
---------------------------------------------------------------------
Delay reason: failed to expand "${ lookup ldap { user="<username>" pass=<pass> ldap:///<lookup text>}} ": lookup of "user="<username>" pass=<pass> ldap:///<lookup text>" gave DEFER: failed to bind the LDAP connection to server <IP>:<Port> - LDAP error 81: Can't contact LDAP server
---------------------------------------------------------------------
         So, anyone can see username and password to LDAP server.


         Another example (transport):
---------------------------------------------------------------------
some_mailboxes:
         driver = appendfile
         create_directory = true
         create_file = anywhere
         hide directory = LDAP_MBX_LOOKUP
         maildir_format = true
         quota = LDAP_QUOTA_LOOKUP
---------------------------------------------------------------------
And Exim includes the same hidden data in bounce message if quota lookup fails.


> Otherwise, I can only guess at what your problem exactly
> looks like.


                 bye. Alex.
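
An added example, not part of the original message and not Exim code: a Python check that flags and redacts `user=`/`pass=` LDAP lookup parameters in a delay-warning body shaped like the one quoted in the message above. The sample text, the credentials in it and all function names are constructed for illustration.

```python
import re

# Constructed sample: a delay warning shaped like the one in the message above,
# with made-up credentials and the hard line wraps a mail client would add.
SAMPLE_WARNING = '''\
Delay reason: failed to expand "${ lookup ldap {
user="cn=mailer,dc=example,dc=test" pass=S3cr3tValue ldap:///dc=example,dc=test}} ":
lookup of "user="cn=mailer,dc=example,dc=test" pass=S3cr3tValue ldap:///dc=example,dc=test"
gave DEFER: failed to bind the LDAP connection to
server 192.0.2.10:389 - LDAP error 81: Can't contact LDAP
server
'''

# user= / pass= parameters placed in front of an LDAP URL; the value is either
# double-quoted or a bare token ending at whitespace, a quote or a closing brace.
_PARAM = re.compile(r'\b(user|pass)=("(?:[^"\\]|\\.)*"|[^\s"}]+)', re.IGNORECASE)
_EXPANSION_ERROR = re.compile(r'failed to expand|gave DEFER', re.IGNORECASE)


def unwrap(text):
    """Collapse hard line wraps so a parameter split across lines still matches."""
    return re.sub(r'\s+', ' ', text).strip()


def find_leaks(text):
    """Return sorted (parameter, value) pairs exposed in an expansion-failure message."""
    flat = unwrap(text)
    if not _EXPANSION_ERROR.search(flat):
        return []
    return sorted({(m.group(1).lower(), m.group(2).strip('"'))
                   for m in _PARAM.finditer(flat)})


def redact(text):
    """Replace every user=/pass= value with a fixed marker, keeping the rest."""
    return _PARAM.sub(lambda m: m.group(1) + '=<redacted>', unwrap(text))


if __name__ == '__main__':
    # Report only the parameter name and value length, never the value itself.
    for name, value in find_leaks(SAMPLE_WARNING):
        print('exposed %s (%d chars)' % (name, len(value)))
    print(redact(SAMPLE_WARNING))
```
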