On 12/23/23 19:15, Ian Z via Exim-users wrote:
> On Sat, Dec 23, 2023 at 10:27:02AM +0000, Jeremy Harris via Exim-users wrote:
>> Some changes in that direction are already available.
>
> An intriguing statement ;-) Available in 4.97, on master, on another
> branch?
In the git master.
> Are there build time or run time configuration setting changes
> needed to enable taking an installation in that direction?
>
> I already disable pipelining and chunking. Anything else I can do to
> get the strictest, most boring implementation of SMTP possible? I have
> no need to cater to broken clients.
Sure. You'd need to fine-tooth both the Makefile and your config,
thinking hard about every feature and the relation to your security
posture.
I can't really advise on specifics. For example, just supporting
TLS is a massive increase in compiled code and therefore attack surface.
Personally I prefer to have it available, but YMMV.
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
