Philip Hazel wrote: > It's the sysadmin who creates the string expansions and presumably > controls the contents of lookups. Or am I misunderstanding what you are > saying?
I'm not sure --- Exim offers so much flexibility that an admin setting these things up may either be unaware of possible security issues or may wish he had better means of setting limits that allow what he wants to do and at the same time keep things safe. It's hard to explain ... If I wanted to set up a kind of default filtering for mail from within the configuration of Exim, like delivering SPAM mails to designated folders, I would have to spent thought on the creation of such folders. I would find out that Exim can create the folders and try to choose a way that appears safe enough to me. That's fine for environments that don't need much complexity, but when I imagine more complex setups that maybe do different types of filtering, using lookups in SQL databases, with database content that can be administered by others, the story can take on such a great complexity that it becomes very hard to make it failsafe. That would make we wish I had good control on the creation of directories ... But I can be totally off because such a situation may be unlikely to occur, or there may already be sufficient control. GH -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
