#276124 exim4-daemon-heavy: [30_exim4-config_remote_smtp_smarthost] add sa-exim support

Package:
exim4-daemon-heavy
Source:
exim4
Description:
Exim MTA (v4) daemon with extended features, including exiscan-acl
Submitter:
Jari Aalto
Date:
2021-09-22 04:42:56 UTC
Severity:
wishlist
#276124#5
Date:
2004-10-12 06:12:55 UTC
From:
To:
If possible, it would be good if file
/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost included
support for Exim out of the box. Here is suggested improvement:

remote_smtp_smarthost:
  debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
  driver = smtp
  hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
  tls_tempfail_tryclear = false
  DEBCONFheaders_rewriteDEBCONF
  DEBCONFreturn_pathDEBCONF
.ifdef SA_EXIM_SMTP_HEADERS_REMOVE
  headers_remove = X-SA-Do-Not-Run \
		 : X-SA-Exim-Scanned \
		 : X-SA-Exim-Rcpt-To \
		 : X-SA-Exim-Mail-From \
		 : X-SA-Exim-Version \
		 : X-SA-Exim-Connect-IP
.endif

Then users could simply define feature:

  SA_EXIM_SMTP_HEADERS_REMOVE = yes

#276124#12
Date:
2005-02-06 14:30:40 UTC
From:
To:
tags #276124 wishlist
thanks

Wouldn't that remove SA-Exim-Headers from outgoing e-mail? Why is that
globally desireable?

Greetings
Marc

#276124#17
Date:
2005-02-06 16:22:26 UTC
From:
To:
| tags #276124 wishlist
| thanks
|
| On Tue, Oct 12, 2004 at 09:12:55AM +0300, Jari Aalto wrote:
| > If possible, it would be good if file
| > /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost included
| > support for Exim out of the box. Here is suggested improvement:
| >
| > remote_smtp_smarthost:
| >   debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
| >   driver = smtp
| >   hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}
| >   tls_tempfail_tryclear = false
| >   DEBCONFheaders_rewriteDEBCONF
| >   DEBCONFreturn_pathDEBCONF
| > .ifdef SA_EXIM_SMTP_HEADERS_REMOVE
| >   headers_remove = X-SA-Do-Not-Run \
| >                  : X-SA-Exim-Scanned \
| >                  : X-SA-Exim-Rcpt-To \
| >                  : X-SA-Exim-Mail-From \
| >                  : X-SA-Exim-Version \
| >                  : X-SA-Exim-Connect-IP
| > .endif
|
| Wouldn't that remove SA-Exim-Headers from outgoing e-mail? Why is that
| globally desireable?

Yes. SA-EXIM add sensitive information (because it's being run inside
the site), but this information should not leak outside. BEsides, the
receiving site may also run SA-EXIM, so it has no use for this
information.

This suggestion was for messages sent to smarhosts.

Jari

#276124#24
Date:
2005-02-06 16:41:04 UTC
From:
To:
severity #276124 wishlist
thanks

#276124#29
Date:
2006-01-06 18:25:41 UTC
From:
To:
user exim4@packages.debian.org
usertags #276124 config-ng
thanks

#276124#34
Date:
2007-06-10 17:25:25 UTC
From:
To:
X-SA-Do-Not-Run is not added by SA-Exim; it's something the README suggested
that the user adds in the ACLs to prevent scanning of some messages. The
comments in the default config file recommends using ACL variables instead.
X-SA-Exim-Version and X-SA-Exim-Scanned are always added, but aren't that
sensitive, and may be useful for debugging. X-SA-Exim-Rcpt-To,
X-SA-Exim-Mail-From, and X-SA-Exim-Connect-IP are only added if
SAaddSAEheaderBeforeSA is set to 1 in sa-exim.conf, which it is by default,
though. They should be removed from all mail, both remote and local, which is
why I prefer doing it in the system filter. A future sa-exim version will
likely handle greylisting internally instead of in a SpamAssassin plugin.

exim4 shouldn't have to adapt to various specific packages that depend on it,
but it isn't too easy for a package like sa-exim to just drop a configuration
snippet in /etc/exim4/conf.d that will take care of removing the headers.
system_filter doesn't seem to be used in the default config though, so I
*could* hijack that mechanism by shipping a filter file and setting
system_filter to point at it directly after the place I set local_scan_path.
Very ugly. Perhaps a system_filter.d directory, whose contents would either
be concatenated into /var/lib/exim4/system_filter.autogenerated, or processed
sequentially by Exim (patch needed)?

#276124#39
Date:
2021-09-22 04:26:56 UTC
From:
To:
Hello,

Good morning,

We have gone through your samples from a partner and Here is our  Order
List. Please do bear in mind that we are very much in  need of this
order, quote your competitive prices.

Kindly send the Order confirmation.

Your early reply will be much appreciated.

Best Regards,

Maryanah Erwin.

PT FINDORA INTERNUSA

Jln Pahlawan 66 Kec. Arjawinangun

45162 CIREBON West-Java INDONESIA

tel : +62 231 357334

fax: +62 231 357260

email: marketing@findora.com

#276124#44
Date:
2021-09-22 04:26:56 UTC
From:
To:
Hello,

Good morning,

We have gone through your samples from a partner and Here is our  Order
List. Please do bear in mind that we are very much in  need of this
order, quote your competitive prices.

Kindly send the Order confirmation.

Your early reply will be much appreciated.

Best Regards,

Maryanah Erwin.

PT FINDORA INTERNUSA

Jln Pahlawan 66 Kec. Arjawinangun

45162 CIREBON West-Java INDONESIA

tel : +62 231 357334

fax: +62 231 357260

email: marketing@findora.com

#276124#49
Date:
2021-09-22 04:26:56 UTC
From:
To:
Hello,

Good morning,

We have gone through your samples from a partner and Here is our  Order
List. Please do bear in mind that we are very much in  need of this
order, quote your competitive prices.

Kindly send the Order confirmation.

Your early reply will be much appreciated.

Best Regards,

Maryanah Erwin.

PT FINDORA INTERNUSA

Jln Pahlawan 66 Kec. Arjawinangun

45162 CIREBON West-Java INDONESIA

tel : +62 231 357334

fax: +62 231 357260

email: marketing@findora.com