Re: [exim] safe handling of $tls_sni

2016-10-17 Thread Felipe Gasper
FWIW, I’d much rather that invalid characters in $tls_sni prompt an error. There seems no reason to serve up meaningful content to someone who’s sending a malformed SNI header. -Felipe Gasper Mississauga, ON > On Oct 17, 2016, at 11:42 PM, Jasen Betts wrote: > > On

Re: [exim] safe handling of $tls_sni

2016-10-17 Thread Jasen Betts
On 2016-10-17, Mike Tubby wrote: > > Couldn't we have - per perhaps shouldn't we have - a "safe domain name" > function in Exim that could be used for this and elsewhere where an > untrusted domain name enters - it would: > > * remove white space (tab, space, etc) > *

Re: [exim] safe handling of $tls_sni

2016-10-17 Thread Phil Pennock
On 2016-10-17 at 22:53 +0100, Mike Tubby wrote: > Couldn't we have - per perhaps shouldn't we have - a "safe domain name" > function in Exim that could be used for this and elsewhere where an > untrusted domain name enters - it would: Exim is a volunteer open source project. Patches are welcome,

Re: [exim] safe handling of $tls_sni

2016-10-17 Thread Brent Jones
I'd like that - and if we were at it, I'd want a safe $sender_host_address so we can use RHS expansion without modifying the Makefile :) On Mon, Oct 17, 2016 at 2:53 PM, Mike Tubby wrote: > > Couldn't we have - per perhaps shouldn't we have - a "safe domain name" > function in

Re: [exim] safe handling of $tls_sni

2016-10-17 Thread Mike Tubby
Couldn't we have - per perhaps shouldn't we have - a "safe domain name" function in Exim that could be used for this and elsewhere where an untrusted domain name enters - it would: * remove white space (tab, space, etc) * remove non-printing chars * remove 'quoting' and

Re: [exim] safe handling of $tls_sni

2016-10-17 Thread Phil Pennock
On 2016-10-12 at 14:50 +0200, Arkadiusz Miśkiewicz wrote: > Docs say that $tls_sni has raw data from client: > > "Great care should be taken to deal with matters of case, various injection > attacks in the string (../ or SQL), and ensuring that a valid filename can > always be referenced; it is

Re: [exim] decode exim srs From

2016-10-17 Thread Heiko Schlittermann
Arkadiusz Miśkiewicz (Mo 17 Okt 2016 22:43:10 CEST): > Host A is using exim internal SRS capability to rewrite From and then forward > email to other host B. > > Now on host B I would like to rewrite From back to original form and then > make > exim all message processing

[exim] decode exim srs From

2016-10-17 Thread Arkadiusz Miśkiewicz
Hi. Host A is using exim internal SRS capability to rewrite From and then forward email to other host B. Now on host B I would like to rewrite From back to original form and then make exim all message processing (ACL, routers etc). srs key is known to both hosts. Can exim do that? Thanks,