[exim] Re: Destination address in a transport

Top Page
Delete this message
Reply to this message
Author: Julian Bradfield
Date:  
To: exim-users
Subject: [exim] Re: Destination address in a transport
On 2023-10-26, Jeremy Harris via Exim-users <exim-users@???> wrote:
> On 26/10/2023 11:19, Thomas Andrews via Exim-users wrote:
>> he emails are not getting delivered to the next machine via SMTP - that option is not available/possible/suitable in this case. So, it's a bespoke program that is used to do the transfer.
>
> The optimal solution would be to rewrite this bespoke program to
> talk ESMTP or LMTP. Anything else would constitute a deliberate evasion
> of the security reasons for taint-tracking.


I think it would constitute evading Exim's limited idea of security.
If an external program is known to assume that its arguments are
tainted, it is safe, in a properly expressed security policy, to pass
it tainted arguments. (Assuming that there are no OS or library bugs
allowing for overflow attacks etc. by argument passing, but that's not
a policy issue.) Arguments are just another input to the program.

Correct me if I'm wrong :)





--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/