Hi!
> On 2024-08-14, Jeremy Harris via Exim-users wrote:
> > On 14/08/2024 15:27, Kurt Jaeger via Exim-users wrote:
> >> So: user1@domain1 has an autoreply, and the autoreply
> >> should be signed with dkim for domain1.
> >
> > I do not agree.
> > The
Hi!
> Maybe signing it with some other domain works. Still the question
> is: Can it also be signed with the domain one *wants* to use
> for this kind of autoreply ?
>
> Would it hurt to implement a mechanism for this ?
>
> How does autoreply know which mail-from it should use ?
>
> I found thi
Hi!
> On 14/08/2024 15:27, Kurt Jaeger via Exim-users wrote:
> > So: user1@domain1 has an autoreply, and the autoreply
> > should be signed with dkim for domain1.
>
> I do not agree.
> The DKIM RFC says that anyone can sign a message.
Maybe signing it with some other
Hi!
> > On 14/08/2024 15:27, Kurt Jaeger via Exim-users wrote:
> > > So: user1@domain1 has an autoreply, and the autoreply
> > > should be signed with dkim for domain1.
> >
> > I do not agree.
> > The DKIM RFC says that anyone can sign a message.
>
Hi!
> On 14/08/2024 14:31, Kurt Jaeger via Exim-users wrote:
> > The problem is that the autoreply driver looses the information
> > on which sender is used to send out the mail (envelope-from is <>
> > to avoid mail-loops).
>
> More to the point, there *is no* s
Hi!
Recently, I came upon a problem without a solution:
If I trigger an autoreply (for example because of vacations),
how do I get the system to add a DKIM-header for the proper domain ?
This post describes that the recipient of the autoreply
can check the signature by looking for the d= field
i
Hi!
> I applied 4.96-1 to our test systems and routing to the LISTSERVer
> began to fail with "*Tainted arg 2* for listserv_transport transport
> command:
>
> The transport is quite simple:
>
> # Hand off to LISTSERV lsv_admin script
>
> listserv_transport:
>
> driver = pipe
>
>
Hi!
> Thus, IMO when these particular patches will be confirmed,
> they will supply update. The question is, who will confirm that,
That's the key problem. I contacted the libspf2 developer
and he committed the fix from issue 44. But neither he nor
the person who submitted the patch has enough in
Hi!
> Does anyone know who ZDI *is* ? What does the abbreviation stand for?
ZDI stands for zero-day-initiative.
https://www.zerodayinitiative.com/about/
https://nitter.net/thezdi
--
p...@opsec.eu+49 171 3101372Now what ?
--
## subscription configuration (requi
Hi!
> What I take from this mitigation statement--Use a trustworthy DNS
> resolver which is able to validate the data according to the DNS record
> types--is that if our DNS service is solid, we are not vulnerable. Is this
> accurate, or am I oversimplifying things? The mitigation statement f
Hi!
> > Am 13.06.2023 um 08:51 schrieb Axel Rau via Exim-users
> > :
> > tainted search query is not properly
> I???m reading in the spec p 79:
> "If tainted data is used in the query then it should be quuted by using the
> ${quote_:} expansion operator appropriate for the
> lookup.???
>
> W
11 matches
Mail list logo
