Dňa 15. októbra 2023 17:07:00 UTC používateľ Jeremy Harris via Exim-users <exim-users@lists.exim.org> napísal:
>A resolver that you trust to only send properly-structured DNS responses >towards you. As opposed to crafted responses with interally-inconsistent >data, which the resolver access library functions (at least in glibc) >do no checking on. That is all nice, i asked on unboud, and answer was -- we don't know as not enough details was published. Previous discussion in this ML ended, that even trusted resolver on LAN (on separate host) can be not enough, as attacker can send crafted data before real resolver response. And attacker can even provide that crafted response when resolver is on the same host. Then Heiko step in, that we have to understand, that not all details can be published (yet). I respected that, but IMO now is time to publish all related details. Thus please, do not repeat these confusing words. Confusing, because nor bind's, nor unbound's devs was able to tell if its resolver is OK (with this issue), as not enough details was published... >The Exim project does not supply libspf2 packages. You should ask this >of your OS distro. Heiko published debian's libspf2 packages with applied patches and announced that in this ML, that is what i ask about. Thus please, answer with that context in mind. regards -- Slavko https://www.slavino.sk/ -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
