Re: [exim] VRFY and EXPN: need I really them?

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] VRFY and EXPN: need I really them?
Hi,

Luca Bertoncello <lucabert@???> (So 15 Jan 2017 19:16:58 CET):
> Heiko Schlittermann <hs@???> schrieb:
> > > > http://exim.org/exim-html-current/doc/html/spec_html/ch-smtp_processing.html#SECID237
> > > First, maybe you can write some words, too, isn't it? :)
> > Why. If the answer is given already?
> Politeness? ;)


I do not see anything impolite there. It's a pointer to the
documentation.

> Or maybe because maybe the person with the problem is not sure about the
> meaning of the page?


If you know the docs already, but have problems understanding them, then
you should express exactly that fact. We're more than happy if we can
improve the documentation.

> > Yes. There is no security issue in Exim at all, if you configure it
> > right or if you use the default example configuration. All other
>
> Well, I would NOT be so sure...
> If Exim has no security issue at all it's not needed to develop it forward...
> You should say "at the time, no security issues are known in Exim, using the
> default configuration or configuring it right"... :)


Ok, I should have written "no known security issue", and reasons for
developing are not only security, but improvements (speed, flexibility,
features…)

> > security issues are due to configuration errors. (Thus you *can* run
> > commands on VRFY or EXPN via acl expansions. This *can* create security
> > issues.)
>
> Could you please explain your last sentence? I really don't understand it...


It's already explained in this thread.

    ${run{…}}
    ${perl{…}}
    command = …


and probably even more

--
Heiko
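
An added example, not part of the original message and not Exim project code: a small audit script that reports `${run` and `${perl` expansions (the two items named in the message) inside the ACLs attached to `acl_smtp_vrfy` and `acl_smtp_expn`. It assumes each option is set to a plain ACL name defined after `begin acl`; the sample configuration, helper path and Perl sub name are constructed.

```python
import re

# Expansion items named in the message above that execute code.
RISKY = ("${run", "${perl")
# Main-section options that attach an ACL to the VRFY / EXPN commands.
HOOKS = ("acl_smtp_vrfy", "acl_smtp_expn")

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
acl_smtp_vrfy = acl_check_vrfy
acl_smtp_expn = acl_check_expn
acl_smtp_rcpt = acl_check_rcpt
begin acl
acl_check_vrfy:
  accept hosts = 127.0.0.1
         condition = ${run{/usr/local/bin/vrfy-helper}{yes}{no}}
acl_check_expn:
  # ${run is only mentioned in this comment
  deny   message = EXPN not permitted
acl_check_rcpt:
  accept condition = ${perl{check_rcpt}}
begin routers
"""

def find_risky_expansions(conf_text):
    """Return (hook, acl_name, line_no, item) for each risky item found."""
    hooks, blocks = [], {}            # (hook, ACL name) pairs; ACL name -> lines
    section, current = "main", None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                  # blank lines and comments carry no risk
        begin = re.match(r"begin\s+(\w+)$", line)
        assign = re.match(r"(\w+)\s*=\s*(\w+)$", line)
        if begin:
            section, current = begin.group(1), None
        elif section == "main" and assign and assign.group(1) in HOOKS:
            hooks.append((assign.group(1), assign.group(2)))
        elif section == "acl" and re.match(r"\w+:$", line):
            current = line[:-1]       # a label line starts a new ACL block
            blocks[current] = []
        elif section == "acl" and current:
            blocks[current].append((no, line))
    return [(hook, name, no, item)
            for hook, name in hooks
            for no, text in blocks.get(name, [])
            for item in RISKY if item in text]

if __name__ == "__main__":
    for finding in find_risky_expansions(SAMPLE_CONF):
        print("%s -> %s, line %d: %s" % finding)
```

The `${perl` item in `acl_check_rcpt` is deliberately not reported, because that ACL is not attached to VRFY or EXPN.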