- Package:
- exim4-daemon-heavy
- Source:
- exim4
- Description:
- Exim MTA (v4) daemon with extended features, including exiscan-acl
- Submitter:
- Jari Aalto
- Date:
- 2021-09-22 04:42:56 UTC
- Severity:
- wishlist
If possible, it would be good if file
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost included
support for Exim out of the box. Here is suggested improvement:
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
tls_tempfail_tryclear = false
DEBCONFheaders_rewriteDEBCONF
DEBCONFreturn_pathDEBCONF
.ifdef SA_EXIM_SMTP_HEADERS_REMOVE
headers_remove = X-SA-Do-Not-Run \
: X-SA-Exim-Scanned \
: X-SA-Exim-Rcpt-To \
: X-SA-Exim-Mail-From \
: X-SA-Exim-Version \
: X-SA-Exim-Connect-IP
.endif
Then users could simply define feature:
SA_EXIM_SMTP_HEADERS_REMOVE = yes
tags #276124 wishlist thanks Wouldn't that remove SA-Exim-Headers from outgoing e-mail? Why is that globally desireable? Greetings Marc
| tags #276124 wishlist
| thanks
|
| On Tue, Oct 12, 2004 at 09:12:55AM +0300, Jari Aalto wrote:
| > If possible, it would be good if file
| > /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost included
| > support for Exim out of the box. Here is suggested improvement:
| >
| > remote_smtp_smarthost:
| > debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
| > driver = smtp
| > hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
| > tls_tempfail_tryclear = false
| > DEBCONFheaders_rewriteDEBCONF
| > DEBCONFreturn_pathDEBCONF
| > .ifdef SA_EXIM_SMTP_HEADERS_REMOVE
| > headers_remove = X-SA-Do-Not-Run \
| > : X-SA-Exim-Scanned \
| > : X-SA-Exim-Rcpt-To \
| > : X-SA-Exim-Mail-From \
| > : X-SA-Exim-Version \
| > : X-SA-Exim-Connect-IP
| > .endif
|
| Wouldn't that remove SA-Exim-Headers from outgoing e-mail? Why is that
| globally desireable?
Yes. SA-EXIM add sensitive information (because it's being run inside
the site), but this information should not leak outside. BEsides, the
receiving site may also run SA-EXIM, so it has no use for this
information.
This suggestion was for messages sent to smarhosts.
Jari
severity #276124 wishlist thanks
user exim4@packages.debian.org usertags #276124 config-ng thanks
X-SA-Do-Not-Run is not added by SA-Exim; it's something the README suggested that the user adds in the ACLs to prevent scanning of some messages. The comments in the default config file recommends using ACL variables instead. X-SA-Exim-Version and X-SA-Exim-Scanned are always added, but aren't that sensitive, and may be useful for debugging. X-SA-Exim-Rcpt-To, X-SA-Exim-Mail-From, and X-SA-Exim-Connect-IP are only added if SAaddSAEheaderBeforeSA is set to 1 in sa-exim.conf, which it is by default, though. They should be removed from all mail, both remote and local, which is why I prefer doing it in the system filter. A future sa-exim version will likely handle greylisting internally instead of in a SpamAssassin plugin. exim4 shouldn't have to adapt to various specific packages that depend on it, but it isn't too easy for a package like sa-exim to just drop a configuration snippet in /etc/exim4/conf.d that will take care of removing the headers. system_filter doesn't seem to be used in the default config though, so I *could* hijack that mechanism by shipping a filter file and setting system_filter to point at it directly after the place I set local_scan_path. Very ugly. Perhaps a system_filter.d directory, whose contents would either be concatenated into /var/lib/exim4/system_filter.autogenerated, or processed sequentially by Exim (patch needed)?
Hello, Good morning, We have gone through your samples from a partner and Here is our Order List. Please do bear in mind that we are very much in need of this order, quote your competitive prices. Kindly send the Order confirmation. Your early reply will be much appreciated. Best Regards, Maryanah Erwin. PT FINDORA INTERNUSA Jln Pahlawan 66 Kec. Arjawinangun 45162 CIREBON West-Java INDONESIA tel : +62 231 357334 fax: +62 231 357260 email: marketing@findora.com
Hello, Good morning, We have gone through your samples from a partner and Here is our Order List. Please do bear in mind that we are very much in need of this order, quote your competitive prices. Kindly send the Order confirmation. Your early reply will be much appreciated. Best Regards, Maryanah Erwin. PT FINDORA INTERNUSA Jln Pahlawan 66 Kec. Arjawinangun 45162 CIREBON West-Java INDONESIA tel : +62 231 357334 fax: +62 231 357260 email: marketing@findora.com
Hello, Good morning, We have gone through your samples from a partner and Here is our Order List. Please do bear in mind that we are very much in need of this order, quote your competitive prices. Kindly send the Order confirmation. Your early reply will be much appreciated. Best Regards, Maryanah Erwin. PT FINDORA INTERNUSA Jln Pahlawan 66 Kec. Arjawinangun 45162 CIREBON West-Java INDONESIA tel : +62 231 357334 fax: +62 231 357260 email: marketing@findora.com