[exim] Re: recent CVE: EXTERNAL -> external?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-users
Sujet: [exim] Re: recent CVE: EXTERNAL -> external?
On 02/10/2023 13:44, Adrian Zaugg via Exim-users wrote:
> The official communication talks of "EXTERNAL auth": Is it meant for
>
>     driver = external

>
> as mentioned under [1] or any external authentication like
>
>     driver = dovecot

>
> and thus written capitalized? Or does EXTERNAL refer to something completely
> different?
>
> Thank you for clarification.


There's two concepts here:

a) the driver (a module within Exim),
which has the lowercase word as it's label.

b) the ESMTP protocol word used to negociate use of the feature.
Traditionally in all-caps.


For this one there's maximum confusion. The driver only handles the one method.
But the "plaintext" driver (for instance) handles both LOGIN and PLAIN methods.
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/