On 2023-10-26, Jeremy Harris via Exim-users <[email protected]> wrote:
> On 26/10/2023 11:19, Thomas Andrews via Exim-users wrote:
>> The emails are not getting delivered to the next machine via SMTP - that
>> option is not available/possible/suitable in this case. So, it's a bespoke
>> program that is used to do the transfer.
>
> The optimal solution would be to rewrite this bespoke program to
> talk ESMTP or LMTP. Anything else would constitute a deliberate evasion
> of the security reasons for taint-tracking.

I think it would constitute evading Exim's limited idea of security.
If an external program is known to assume that its arguments are tainted,
it is safe, in a properly expressed security policy, to pass it tainted
arguments. (Assuming that there are no OS or library bugs allowing for
overflow attacks etc. by argument passing, but that's not a policy issue.)
Arguments are just another input to the program.

Correct me if I'm wrong :)
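Added example, not part of the original message and not code from Exim or from the program discussed in the thread: what "assumes that its arguments are tainted" can mean on the receiving side, shown as a hypothetical hand-off helper that takes the recipient on argv, checks it against an allow-list and rejects anything else. `SPOOL_DIR`, the function names and the address rules are assumptions made for the illustration.

```python
import re
import sys

# Allow-list for an address received on argv. Assumption: this helper only
# needs plain ASCII local parts and ordinary host names.
_LOCAL = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+=-]{0,63}")
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
SPOOL_DIR = "/var/spool/handoff"  # hypothetical directory


def parse_recipient(arg):
    """Return (local, domain) lower-cased, or raise ValueError."""
    if len(arg) > 254 or arg.count("@") != 1:
        raise ValueError("malformed address")
    local, domain = arg.split("@")
    # fullmatch: the whole string must match, so no trailing newline slips in.
    if not _LOCAL.fullmatch(local) or ".." in local:
        raise ValueError("unsafe local part")
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("unsafe domain")
    return local.lower(), domain.lower()


def spool_path(arg):
    """Map a tainted recipient argument to a path that stays in SPOOL_DIR."""
    local, domain = parse_recipient(arg)
    # After validation neither part contains '/', NUL or whitespace, and
    # neither starts with '-' or '.', so the path cannot leave SPOOL_DIR.
    return f"{SPOOL_DIR}/{domain}/{local}"


def main(argv):
    if len(argv) != 2:
        return 64  # EX_USAGE
    try:
        path = spool_path(argv[1])
    except ValueError:
        return 65  # EX_DATAERR: reject the value, do not try to repair it
    print(path)  # a real helper would store the message read from stdin here
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The value is only ever used as data after validation; it is never interpolated into a shell command or treated as an option.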
