On 2011-01-23 at 12:06 +0000, Mike Clarke wrote:
> I'm running a small home network. Incoming mail is collected from POP3
> servers by fetchmail and then passed to exim for local delivery. Exim
> also handles the routing of outgoing mail via a smarthost.
(1) fetchmail can lose mail when the SMTP server gives error responses;
when you start changing your Exim config is when you're most
vulnerable; try "getmail" instead, as it is much more cautious about
losing mail. Written in Python, which shouldn't be an issue for
mail volumes low enough that you're using POP3 and does mean that
there should be no buffer overflow vulnerabilities.
(2) Don't rely on RFC822 mail-headers for routing information. You have
no way of telling which should be used. Look at the Envelope-to:
pseudo-header, which most POP3 setups try to support; failing that,
there's Demon Internet's SDPS POP3 extensions if they're the ISP
you're using, and failing that there's Received: header parsing (the
"wing and a prayer" approach).
-Phil
