Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-16 Thread Phil Pennock via Exim-dev
On 2018-12-16 at 10:42 +, Jeremy Harris via Exim-dev wrote:
> On 16/12/2018 10:20, Andreas Metzler via Exim-dev wrote:
> > 4.92rc1 adds this to the smarthost_smtp transport:
> > 
> > tls_sni = $host
> > 
> > I do not think that always works as expected. Depending on the DNS setup
> > (CNAME, round robin) $host will not contain the name of the selected
> > smarthost anymore but a different value.
> 
> Phil - that went in at 26739076ae in the example config; could you
> comment?

I think that I just missed that we might adapt `$host` during the life
of the Transport.



Absent `hosts_override` or `hosts` directly on the Transport, Round
Robin A records have no cause to change the host _name_.  So the only
issue should be CNAME records?

If we're changing `$host` based upon CNAMEs in DNS, then yes this will
do The Wrong Thing.  It might be a security problem then, because the
normally-insecure DNS changes the name we validate the certificate
against.  We can't rely upon DNSSEC for this default example config.

It's an example, which can be fixed, so it's not major.  This isn't the
built-in default for the option, but the default example configuration.

Short of messing with `$address_data`, the only fix I can immediately
think of would be to record `$router_host` or `$original_host` as the
value of `$host` when the Transport is entered, and then make that the
configured example.  That's some more coding changes.

Is this enough of a problem in real world scenarios to be worth the
coding work?  More code for hypothetical problems is complexity to debug
and maintain.  I'm inclined to have our example configuration gently
push back against that and encourage people to reduce CNAMEs, or accept
that this will require explicit configuration.

But this is a taste issue; if it's a big problem then I strongly suspect
we'll accept a codebase patch upstream to add `$router_host` and use
that as the example config default, or some other appropriate solution
if someone spots something good which I've missed.  Which is possible,
because I missed the CNAME issue at the time.

The cop-out would be to change to using a macro at the top of the file,
`SMARTHOST_NAME`, and .ifdef guards to define the Router only if that
macro is defined, and then reuse `SMARTHOST_NAME` as the default for
`tls_sni`.  That would be more secure, but perhaps a little harder to
talk people through changing.  But hey, we can uncomment the Router by
default, in that case.  Just leave the macro commented-out by default.
So a small win?

Hrm.  Perhaps the macro approach for the imminent release, and consider
a new variable for the next release?  Heiko's discretion at this point.

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##
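
The macro approach described in the message above, sketched as an added example (not taken from the Exim distribution or written by anyone in this thread). `smarthost.example.net` is a placeholder, and `local_domains` is assumed to be defined as in the stock configuration.

```conf
# Added example (constructed). SMARTHOST_NAME is the macro name proposed in
# the message above; the hostname is a placeholder.

# Main section. Left commented out by default: with the macro undefined,
# the smarthost Router below is not configured at all.
# SMARTHOST_NAME = smarthost.example.net

begin routers

.ifdef SMARTHOST_NAME
smarthost:
  driver = manualroute
  domains = ! +local_domains
  transport = smarthost_smtp
  route_list = * SMARTHOST_NAME
  no_more
.endif

begin transports

smarthost_smtp:
  driver = smtp
  hosts_require_tls = *
  tls_verify_hosts = *
.ifdef SMARTHOST_NAME
  # 4.92rc1 example config had:  tls_sni = $host
  # The thread's concern is that $host can differ from the configured name
  # after DNS (CNAME) processing. The macro is a fixed string chosen by the
  # administrator, so the SNI no longer depends on DNS answers.
  tls_sni = SMARTHOST_NAME
.endif
```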


Re: [exim-dev] [exim] Exim 4.92-RC1

2018-12-16 Thread Heiko Schlittermann via Exim-dev
Please do not cross-post to lists and private addresses.

Paul Hecker (Fri 14 Dec 2018 16:24:43 CET):
> can no longer compile this version with my current Makefile as there is
> WITH_CONTENT_SCAN=yes
> enabled and all other scanner interfaces disabled (as DISABLE_MAL_CLAM=yes, 
> DISABLE_MAL_AVAST=yes etc.).

Can you send me your Local/Makefile?


--
Heiko




[exim-dev] [Bug 2351] Exim doesn't log messages with empty "To:" header

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2351

Jeremy Harris changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|ni...@exim.org              |jgh146...@wizmail.org
            Version|N/A                         |4.91
             Status|NEW                         |ASSIGNED
   Target Milestone|Exim 4.92                   |Exim_4.93+

--- Comment #5 from Jeremy Harris  ---
Thanks Andreas.  Currently the only direct indication is the error status from
the exim invocation.  I can add a log line for this case.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


[exim-dev] [Bug 2351] Exim doesn't log messages with empty "To:" header

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2351

--- Comment #4 from Andreas Metzler  ---
Jeremy,

afaict Victor essentially does this:

echo blah | /usr/sbin/sendmail -t -i ""

cu Andreas



[exim-dev] [Bug 2351] Exim doesn't log messages with empty "To:" header

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2351

--- Comment #3 from Jeremy Harris  ---
You're only showing the To: header; that doesn't say what the envelope
recipient was.  I don't work with php, hence am not able to reproduce your
procedure.  That's why I'm asking you to get debug.



[exim-dev] [Bug 2346] unseen in system_filter works randomly

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2346

Jeremy Harris changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Jeremy Harris  ---
Closing on the basis of the above; please re-open if needed.



[exim-dev] [Bug 2350] OCSP stapling, client side

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2350

--- Comment #4 from Jeremy Harris  ---
That would be my reading of the situation, yes.



[exim-dev] [Bug 2341] delay_warning failing to send messages

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2341

Jeremy Harris changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #11 from Jeremy Harris  ---
Nobody commented further



[exim-dev] [Bug 2338] cyrus_sasl authenticator does not set $authenticated_fail_id

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2338

Jeremy Harris changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Jeremy Harris  ---
Nobody commented



Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-16 Thread Jeremy Harris via Exim-dev
On 16/12/2018 10:20, Andreas Metzler via Exim-dev wrote:
> 4.92rc1 adds this to the smarthost_smtp transport:
> 
> tls_sni = $host
> 
> I do not think that always works as expected. Depending on the DNS setup
> (CNAME, round robin) $host will not contain the name of the selected
> smarthost anymore but a different value.

Phil - that went in at 26739076ae in the example config; could you
comment?
-- 
Thanks,
  Jeremy



[exim-dev] tls_sni = $host in default configuration file

2018-12-16 Thread Andreas Metzler via Exim-dev
Hello,

4.92rc1 adds this to the smarthost_smtp transport:

tls_sni = $host

I do not think that always works as expected. Depending on the DNS setup
(CNAME, round robin) $host will not contain the name of the selected
smarthost anymore but a different value.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



[exim-dev] [Bug 2351] Exim doesn't log messages with empty "To:" header

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2351

--- Comment #1 from Jeremy Harris  ---
What Exim version?

Does php pass the message to Exim using SMTP or a commandline?  If the latter,
what was the command?  Is an envelope-recipient specified (as opposed to a To:
header)?  Can you get debug output from Exim for the message injection?



[exim-dev] [Bug 2349] Add SCRAM-SHA-1/256 Authentication Methods in Client mode

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2349

Phil Pennock changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |p...@exim.org

--- Comment #1 from Phil Pennock  ---
The documentation does state that there's server support, but could do with
being clearer that there's not client-side support.

This is a case of "patches welcome".  I wrote the original GSASL integration
code and covered what I could reasonably test in the environment I was in at
the time.

It should be a reasonably small project, with well-defined interfaces to fill
in to expand it out to client-side support, and so an ideal choice of task for
getting involved with Exim development.



[exim-dev] [Bug 2351] New: Exim doesn't log messages with empty "To:" header

2018-12-16 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2351

            Bug ID: 2351
           Summary: Exim doesn't log messages with empty "To:" header
           Product: Exim
           Version: N/A
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Logging
          Assignee: ni...@exim.org
          Reporter: corocho...@gmail.com
                CC: exim-dev@exim.org

When Exim receives a letter with an empty To: header, it logs the bounced
message only, but doesn't log the bad original message.

how to reproduce the bug:

1. Create 1.php file with following content:

\r\n"; //optional headerfields

mail($recipient, $subject, $mail_body, $header); //mail command :) 

?>

2. Execute it with php 1.php
3. See main.log. You can see something like the following:

2018-12-16 11:11:26 1gYRWI-0003ss-8T <= <> R=1gYRWI-0003sq-7V U=exim P=local S=770

This is the bounced message.

4. Try to find the original message with ID 1gYRWI-0003sq-7V by entering the command:

grep '1gYRWI-0003sq-7V' /var/log/exim/main.log

and you can see again:

2018-12-16 11:11:26 1gYRWI-0003ss-8T <= <> R=1gYRWI-0003sq-7V U=exim P=local S=770

No log records about the original message 1gYRWI-0003sq-7V were found as expected.
