Bug#869480: Support multiple smarthosts (gmail support)
Florian Weimer
fw at deneb.enyo.de
Sat Jan 20 20:29:13 UTC 2018
* Osamu Aoki:
> +Here, foo at example.org.sh should be as follows:
> +
> + #!/bin/sh
> + /usr/bin/ssh -p 22 \
> + -i /etc/exim4/ssh/foo at host.example.org.key \
> + -o "StrictHostKeyChecking no" \
> + foo at host.example.org \
> + /usr/bin/sendmail -bm -ti \
> + -f foo at example.org
This looks quite dangerous to me because there is a large temptation
to pass data on the command line (mainly to fix the sender address),
and it is going to be very difficult to do this in a secure fashion,
without introducing shell command injection. The end of the message
is also not signalled reliably to the sendmail subprocess (i.e. a
dropped SSH connection results in a truncated message and data loss).
This looks more like an application for BSMTP.
More information about the Pkg-exim4-maintainers
mailing list