On 24/10/17 23:05, Ian Kelling wrote:
> How can I make exim only sign headers that are
> in the message I send?
Actually being sure to not oversign is pretty tricky, currently.
You have to examine the message headers and build a header-names
list for signing which does not include any not present.
A truly nasty oneliner:
${filter \
{From:Sender:Reply-To:Subject:Date} \
{inlist {$item} \
{<\n ${map \
{<\n ${sg {$message_headers} {\N\n\t\N} {}}} \
{${listextract {1}{$item}}}}} \
} \
}
[ take the current message headers. Collapse any in-header
continuation lines, then extract the header name.
Check each proposed header name against that list, only
accepting those present.
]
... nasty because it evaluates the "map" again for each new
proposed header-name. For efficiency do it in two lines.
It also does not handle the possible cases of multiple headers.
Opened bug 2180 for better ways of specifying (over)signing.
--
Cheers,
Jeremy
