https://bugs.exim.org/show_bug.cgi?id=2941
--- Comment #3 from ivanov17 <ivanov17@???> ---
Thank you for your explanation. I think there are some things which need to be
worked on.
First, it should be documented that Exim has options that don't allow string
expansions. When I read documentation, I think: well, I can use that solution.
But if I try to implement this, I see that it doesn't work. I think every
option that doesn't allow string expansions should have a corresponding
comment.
Second, if some Exim options don't have any security reasons for disabling
string expansion, it should be allowed. This will make Exim more flexible and
configurable.
Third, using environment variables may be safer in some scenarios than in
others. If I set deliver_drop_privilege to true, it reduces several kinds of
the risks. In this case, some actions prohibited in other cases could be
allowed.
Finally, it would be nice to have an official recommends to build Exim
container images. This recommendation can be described in a separate chapter of
the Exim documentation. There is also an interesting way that is used in 389
Directory Sever, because containerizing of LDAP server is not a trivial task.
They provide an official script for container images building as part of the
389DS distribution. It comes as a part of any 389DS package in the any Linux
distribution. I'll really appreciate if we would have something like that for
Exim.
--
You are receiving this mail because:
You are on the CC list for the bug.
