• Jeremy Harris via Exim-users [2022-07-20 15:54]:
> On 20/07/2022 15:37, Kirill Miazine via Exim-users wrote:
> > IIRC Mailman has some facility to generate aliases file, which Exim
> > could be using. Mailman is able to generate those automatically, and
> > that should make the taint checking happy, as there won't be any unsafe
> > variables left.
>
> Getting a file out of Mailman to verify recipient names against would be ideal.
> You want also to use a static list of possible affixes, rather than a wildcard.
Again, if my memory serves me right, Mailman may generates an alias file in the form of:
list: command-without-variables
list-owner: command-without-variables
list-bounce: command-without-variables
list-foo: command-without-variables
So it will include both list name and all applicable suffixes.
> Handling initial signups for a list, where you don't have a known name
> to verify, seems like it could be an issue.
There shouldn't be any issues with this one, should there?
list-bounce+*: command-without-variables
> Still, do a proper job on all the possible other cases first, to
> reduce the attack surface, *before* resorting to deliberately
> subverting Exim's attempts to provide security.
>
> These attempts are not perfect; there are ways of evading them. But do
> not forget the log4j fracas.
>
> > Looking
> > athttps://bazaar.launchpad.net/~mailman-coders/mailman/2.1/files/head:/Mailman/MTA
> > it seems you'd have to say that your MTA is Postfix.
>
> :-(
That would be ironic: descripe a setup for Exim and specify MTA to be
Postfix.
