Author: Ian FREISLICH Date: To: Gray, Richard CC: exim-users Subject: Re: [exim] Re: sensitive data appearing in delay warning messages
[was: Please help!]
"Gray, Richard" wrote: > [Philip Hazel]
> > Times have changed. Perhaps the best plan now would be *never* to
> > give any details in bounce and delay warning messages. What do
> > people think? Please post your opinion.
>
> This seems like a perfect example of information leakage. While this
> is the most extreme case, with passwords leaking out, it is easily
> argued that any error output that is sent to an unknown user is an
> information leak.
Yes, when I get an error that contains a SQL fragment I immediately
think that the remote system is misconfigured (and by a novice).
I don't like the idea that my SQL, configuration data and exim foo
or lack thereof is leaked to the outside world.
I remember seeing somewhere that the bounce error message could be
changed, but it doesn't seem possible to leave out bits of the
message. Maybe it would be sufficient to have each section of the
bounce as an expansion variable so the template could be:
Subject: Mail delivery failed ${if eq{$sender_address}{$bounce_recipient}{: returning message to sender}}
This message was created automatically by mail delivery software.
A message ${if eq{$sender_address}{$bounce_recipient}{that you sent }{sent by <$sender_address>
}}could not be delivered to all of its recipients.
The following address(es) failed:
$failed_addresses
The following text was generated during the delivery attempt(s):
$failed_output
${if eq{$return_size_limit}{0}{
------ This is a copy of the message, including all the headers. ------
}{
------ The body of the message is $message_size characters long; only the first
------ $return_size_limit or so are included here.
}}
$message_headers
