[exim-dev] [Bug 1590] outbound SOCKS proxy support

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Phil Pennock
Ημερομηνία:  
Προς: exim-dev
Αντικείμενο: [exim-dev] [Bug 1590] outbound SOCKS proxy support
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1590




--- Comment #1 from Phil Pennock <pdp@???> 2015-02-23 01:01:35 ---
Authentication is going to be necessary for any of the real-world scenarios
where I'd have wanted this feature.

Agreed SOCKS5.

The big issue is that SOCKS is often used to defer DNS resolution to the SOCKS
proxy. I think that we just say "no, DNS resolution is too intrinsic to how an
MTA operates, we resolve all DNS in Exim"; if Exim can't resolve a hostname, it
couldn't resolve anything else which was needed too. I think that this ties
into your "Destination by name?" question.

My tentative thinking was SMTP Transport, and a `socks_url` option; I'm open to
the idea of `socks_user` and `socks_password` as separate options which _can_
be used to override information from the `socks_url`. Primarily so that an
admin can write `hide socks_password = wibble` to use the `hide` functionality
of Exim's configuration.

The option should be either a single URL or something identifying a list of
servers; we should look at how things like spam-scanning servers are identified
to figure out our current best practice for "define a set of remote servers and
the failover policy for them".

I also would not be averse to the idea of being able to write
`${environ{SOCKS_URL}fail}` to grab the value from the environment, which is
more in keeping with a lot of modern application deployment, but I think that
this is orthogonal (just useful in many of the same deployment scenarios).


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email