Re: [exim] Please help!

> On Thu, Apr 14, 2005 at 10:35:37PM +0400, Alexander V Alekseev wrote:
>>                 Hello!

>>         Exim 4.50 .

>>         Is there a way not to send internal Exim errors 
>> in bounce
>> messages? Even hidden data is sent back to sender ;-((
>>         For example, if some database lookup fails in 
>> router or
>> transport configuration, full lookup text, including 
>> hidden data
>> is send back to sender.
>>         I failed to find answer in spec. ;-((

         I sent it to list a few days ago:
         Some message is in queue. At the time of delivery 
if we
have router like this:
---------------------------------------------------------------------
SOME_LDAP_LOOKUP = ${ lookup ldap { user="<username>" 
pass=<pass> ldap:///<lookup text>}}

         Exim generates bounce message to sender:
---------------------------------------------------------------------
Delay reason: failed to expand "${ lookup ldap { 
user="<username>" pass=<pass> ldap:///<lookup text>}} ": 
lookup of "user="<username>" pass=<pass> ldap:///<lookup
text>" gave DEFER: failed to bind the LDAP connection to 
server <IP>:<Port> - LDAP error 81: Can't contact LDAP 
server
---------------------------------------------------------------------
         So, anyone can see username and password to LDAP 
server.

         Another example (transport):
---------------------------------------------------------------------
some_mailboxes:
         driver = appendfile
         create_directory = true
         create_file = anywhere
         hide directory = LDAP_MBX_LOOKUP
         maildir_format = true
         quota = LDAP_QUOTA_LOOKUP
---------------------------------------------------------------------
And Exim includes the same hidden data in bounce message 
if quota lookup fails.

                 bye. Alex.