On 2020/11/10 08:44, Kai Bojens via Exim-users wrote:
On 09.11.20 at 23:27, Heiko Schlittermann via Exim-users wrote:


We're open for suggestions. And intentionally we do not provide
suggestions from our side here and now (this doesn't mean that we do not have
ideas ;)) My thoughts I'll present here later.

The only problem I have with tainting is the lack of documentation. Why is there no single page with just "Hey, external data is now considered tainted. This is how you handle this new stuff:"?

Right now the information about tainting is spread all over the documentation so that admins who upgrade have to go through all of this.

...and because of this, I have kept to older versions of EXIM - because my configs rely on the fact that all my users are in a MySQL Database.

Some more general "this is how you do it" examples would be greatly appreciated.
Thank you Heiko for raising this discussion.

I personally run some 1000 domains with perhaps 4000 e-mail users. Not big but not insignificant. I understand that when an email arrives, the recipient may not exist - but then the first thing I think I do is see if the address exists - and has not been suspended - etc. Surely this would cover 'tainted' data checks? Same for mail submission senders, they only 'get in' if their username (full email address) and password is a valid combination - so what is left to check?

As an aside, I also discovered my MySQL database was running on very old software - so there are other issues at hand too - just to confuse my particular issues. The old MySQL has just been sorted - so 'tainted' data is next.

Running an email service used to be reasonably easy... now people do dumb things like double SPF records or double sign DKIM (with one always broken).

So a suggestion, if it's the incoming email that has tainted data - then an immediate lookup (give various examples) that then sets some globally usable variables for everything else - could be an ideal way forward.

--

Mark James ELKINS  -  Posix Systems - (South) Africa
[email protected]       Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
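
The "immediate lookup that sets a variable" idea from the message above, sketched as an Exim configuration fragment. This is an added example, not part of the original post and not taken from the Exim documentation: the router looks the recipient up in MySQL and keeps the result in `$address_data`, and the transport builds its path from that lookup result instead of from `$local_part` and `$domain`. The database name, the `users` table with its `email`, `maildir` and `suspended` columns, the `vmail` user and the `/var/mail/vhosts` path are all assumptions.

```exim
# Constructed example; schema, paths and account names are assumptions.

# --- main section ---
# Format is host/database/user/password; the password is a placeholder.
hide mysql_servers = localhost/maildb/exim/PLACEHOLDER_PASSWORD

# --- routers section ---
virtual_user:
  driver = accept
  # $local_part and $domain come from the SMTP envelope and are tainted.
  # They are quoted with quote_mysql and used only as the search key.
  # The value returned by the database is what ends up in $address_data,
  # and a lookup result is not tainted.
  # No matching row (unknown or suspended user) forces a failure, so the
  # router declines and the address falls through to the next router.
  address_data = ${lookup mysql{SELECT maildir FROM users \
      WHERE email='${quote_mysql:$local_part@$domain}' \
      AND suspended=0}{$value}fail}
  transport = virtual_delivery

# --- transports section ---
virtual_delivery:
  driver = appendfile
  # Pre-tainting style, refused on taint-enforcing versions because the
  # path is built from envelope data:
  #   directory = /var/mail/vhosts/$domain/$local_part
  # Same delivery, with the path taken from the lookup result:
  directory = /var/mail/vhosts/$address_data
  maildir_format
  user = vmail
```

The existence and suspension check described in the message and the de-tainting happen in the same query here; the difference from the older style is only that the transport uses what the database returned rather than what the sender typed.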