On 2020-05-01 10:03, Andrew C Aitchison via Exim-dev wrote:
> On Fri, 1 May 2020, Simon Arlott via Exim-dev wrote:
>> I'm still waiting for my patches for callout messages,
>> https://bugs.exim.org/show_bug.cgi?id=423 to be looked at.
>
> Assuming that the "gateway" smtp server has raised access to the
> call-forward host, what sort of internal information could be leaked
> or probed with this new feature ? Does this risk need to be documented
> ?
That is not the new feature. Exim already does that by default and it
can be configured to hide the detail.
The problem I have is that the information is not logged and is not
available in a variable so I can't include it with other messages.
I also can't handle the "defer" outcome in an ACL without losing the
automatic SMTP-level responses that Exim does have.
--
Simon Arlott
