https://bugs.exim.org/show_bug.cgi?id=2282
Bug ID: 2282
Summary: Support HTTP-based & JSON-parsing content scanning
(rspamd)
Product: Exim
Version: N/A
Hardware: All
OS: All
Status: NEW
Severity: wishlist
Priority: medium
Component: Content Scanning
Assignee: tom@???
Reporter: pdp@???
CC: exim-dev@???
https://rspamd.com/doc/architecture/protocol.html
That's an HTTP protocol layering information into custom headers, with
responses in JSON.
Enough stuff uses HTTP and JSON these days that integrating support as a
framework, for both spam and malware scanning, probably makes sense.
Tentatively: just use cURL for HTTP/HTTPS, make sure there's no way for
attacker-controlled input to leak out, make sure we handle
<"foo\r\nMessage-Length: 0"@???> as an SMTP Envelope Sender (and From:
header address), etc etc, and integrate a small C JSON library for parsing
responses.
For JSON, I'd be inclined to pick Jansson, <
http://www.digip.org/jansson/> and
<
https://github.com/akheron/jansson>. Else sajson.
Both of these will add build dependencies to Exim, so would be the sorts of
things not enabled by default, but open to others for parsing.
And once we have them, we can consider MTA-STS support I suppose, even though I
personally believe MTA-STS to be a horrible idea leading to coerced inclusion
of every possible trust anchor, for every possible domain, and utterly unsuited
for email. (It's equivalent to DANE usages 0 and 1, which were rejected for
use with SMTP MX delivery because of the exact failure modes which are the only
ones MTA-STS supports).
--
You are receiving this mail because:
You are on the CC list for the bug.
