yesterday i ran nessus against my machine and it reported two problems with
exim:
1) claims we're relaying (though i've tried relaying through my host only to
be denied)
and
2) acceptance of mail from "|user@???" which is a risk if a message is
constructed to bounce and is then piped to an executable.
i've searched the mailing list archives for mention of these and found
nothing. is there a known reason nessus would give a false positive for
relaying? has the "|address" problem been addressed?
