On 2023-10-26, Jeremy Harris via Exim-users <exim-users@???> wrote:
> On 26/10/2023 11:19, Thomas Andrews via Exim-users wrote:
>> he emails are not getting delivered to the next machine via SMTP - that option is not available/possible/suitable in this case. So, it's a bespoke program that is used to do the transfer.
>
> The optimal solution would be to rewrite this bespoke program to
> talk ESMTP or LMTP. Anything else would constitute a deliberate evasion
> of the security reasons for taint-tracking.
I think it would constitute evading Exim's limited idea of security.
If an external program is known to assume that its arguments are
tainted, it is safe, in a properly expressed security policy, to pass
it tainted arguments. (Assuming that there are no OS or library bugs
allowing for overflow attacks etc. by argument passing, but that's not
a policy issue.) Arguments are just another input to the program.
Correct me if I'm wrong :)
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
