Re: [exim] LMTP over TCP - returning errors

Author: Philip Hazel
Date:  
To: Pete Naylor
CC: exim-users
Subject: Re: [exim] LMTP over TCP - returning errors
On Wed, 1 Mar 2006, Pete Naylor wrote:

> > Incidentally, smtp_return_error_details has nothing to do with this. It
> > is concerned with how much error detail to return when rejecting an
> > incoming message.
>
> I was confused about that. I don't think I really expected it to make a
> difference in the problem I reported but I was trying to be thorough
> before reporting it. Above, in PH/53 though, you mention "when detailed
> error information was permitted to be returned to the sender" - how is
> that information permitted if not by the smtp_return_error_details
> setting?


It's permitted for certain types of error, and not for others, by fixed
code. Supposedly, error messages that come from external hosts
(precisely the ones we are involved with here) should always be
permitted, because they cannot contain any sensitive information about
this host. The ones you don't want to go back are things like "LDAP
lookup failed: user=xxx password=xxx ... xxxx" and others that might
contain sensitive information about your host. So, when I made the
change, I defaulted to "no send", and then enabled the cases that were
OK. Except that I missed some... This was not unexpected, to be honest.
But I knew that if people noticed any problems, they'd shout soon
enough. :-)

smtp_return_error_details is concerned only with incoming messages and
what Exim, as a server, sends in *its* 5xx and 4xx messages. We are
dealing with Exim as a client here, so smtp_return_error_details is not
relevant.


-- 
Philip Hazel            University of Cambridge Computing Service
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
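
The default-deny approach described in the message above, sketched as an added example; it is not part of the original message and not Exim's code. The enum values, struct and function names are hypothetical, and the sample errors are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical error origins; illustrative names, not Exim's. */
enum err_origin { ERR_REMOTE_RESPONSE, ERR_LOCAL_LOOKUP, ERR_LOCAL_CONFIG, ERR_UNKNOWN };

struct delivery_error {
    enum err_origin origin;
    const char *detail;   /* full text, which would always go to the local log */
};

/* Default "no send": only origins explicitly enabled here reach the sender. */
static int detail_permitted(enum err_origin origin)
{
    switch (origin) {
    case ERR_REMOTE_RESPONSE:   /* text supplied by the external host, not by us */
        return 1;
    default:                    /* anything not enabled stays private */
        return 0;
    }
}

/* Writes the sender-visible text into buf; returns 1 if the detail was included. */
int bounce_text(const struct delivery_error *e, char *buf, size_t len)
{
    if (e != NULL && e->detail != NULL && detail_permitted(e->origin)) {
        snprintf(buf, len, "delivery failed: %s", e->detail);
        return 1;
    }
    snprintf(buf, len, "delivery failed: local error (details in the server log)");
    return 0;
}

int main(void)
{
    /* Constructed sample errors. */
    struct delivery_error samples[] = {
        { ERR_REMOTE_RESPONSE, "550 5.2.2 mailbox over quota" },
        { ERR_LOCAL_LOOKUP,    "LDAP lookup failed: user=xxx password=xxx" },
    };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int shown = bounce_text(&samples[i], buf, sizeof buf);
        printf("[%s] %s\n", shown ? "detail" : "generic", buf);
    }
    return 0;
}
```

A new error origin added to the enum is withheld from the sender until someone adds it to `detail_permitted`, so a missed case shows up as a bounce with too little detail rather than as a leak.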