I've noticed recently some messages I haven't seen before in the logs:

qualify/rewrite: address is ridiculously long

I do agree with the sentiment (looking at one, the Reply-To address was an absurd 331 characters long), but slightly unclear if it's indicating that Exim's behaviour is changed as a consequence, or is it intended merely as a general observation?

Out of interest, I looked at a few, and they all appeared to be marketing sent from various organisations via the Salesforce platform, which seems to have invented a ludicrously long token to data-harvest clicks to the target website, and uses a similarly-formatted token to form part of the Reply-To address. Brilliantly, this token partially consists of base64-encoded JSON(!), which in turn contains a very long opaque token and some kind of encrypted data, together with what appears to be the IV for it. Aside from being used in the Reply-To, a similar insanely-long token is included in *every single link* in the mail, of which there are tens. The mind boggles, to put it mildly.

(I really hope they have some good validation/error handling on the server side, when they load back in this untrusted, base64-encoded, partially-encrypted JSON...)


Tim
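
As an added illustration (not part of the original post, and not Salesforce's or Exim's code), this is the kind of server-side validation the closing remark hopes for when a base64-encoded JSON token comes back from an untrusted client. The field names `tok`, `iv` and `ct`, the 1024-character cap and the 16-byte IV length are assumptions made for the example; the real token layout is not known from the post.

```python
import base64
import binascii
import json

MAX_TOKEN_CHARS = 1024          # assumed cap, enforced before any decoding
IV_LEN = 16                     # assumed IV size (one AES block)
FIELDS = {"tok": str, "iv": str, "ct": str}   # hypothetical field names


class TokenError(ValueError):
    """Raised for any malformed token; callers treat it as 'no token'."""


def _b64(text, what):
    # Strict decoding: characters outside the base64 alphabet are an error,
    # not silently skipped as they are with the default validate=False.
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise TokenError(f"{what}: invalid base64") from exc


def parse_tracking_token(raw):
    """Return (opaque_token, iv, ciphertext) or raise TokenError."""
    if not isinstance(raw, str) or not raw.isascii():
        raise TokenError("token is not ASCII text")
    if len(raw) > MAX_TOKEN_CHARS:
        raise TokenError("token too long")
    try:
        obj = json.loads(_b64(raw, "token"))
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise TokenError("payload is not valid JSON") from exc
    # Exactly the expected keys, each a plain string: no extras, no nesting.
    if not isinstance(obj, dict) or set(obj) != set(FIELDS):
        raise TokenError("unexpected JSON structure")
    if not all(isinstance(obj[k], t) for k, t in FIELDS.items()):
        raise TokenError("wrong field type")
    iv, ct = _b64(obj["iv"], "iv"), _b64(obj["ct"], "ct")
    if len(iv) != IV_LEN:
        raise TokenError("bad IV length")
    if not ct:
        raise TokenError("empty ciphertext")
    # Only now would the ciphertext be handed to a decryption routine.
    return obj["tok"], iv, ct
```

Every failure path raises the same exception type, so the caller can drop a bad token without leaking which check it failed.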


