https://bugs.exim.org/show_bug.cgi?id=165
Wolfgang Breyha <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] Target Milestone|Exim 4.77 |Exim 4.88 --- Comment #2 from Wolfgang Breyha <[email protected]> --- May I bring this up again? Recently I faced the situation when exim spoiled the LDAP password to alpine which uses "exim -bs" and we have a rewrite rule with ldap lookup hitting both From: and env-from. alpine got two nice stderr messages with the LDAP password intact because the LDAP lookup deferred. Expansion of "....." ... doesn't contain it as long as it is not directly given in the expansion (eg. ${readfile...}, but the ... failed while rewriting: lookup of "....." contains the expanded part of the lookup with password. Another possible leak I found is in route.c and deliver.c. Both look into addr->message if it contains "failed to expand" or "expansion of". If the string further contains "ldap:", "ldapm:" or "ldapdn:" a simple message is returned. IMO both are missing "ldaps:". -- You are receiving this mail because: You are the QA Contact for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
