[Exim] Exim privacy bug

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: exim-users
Subject: [Exim] Exim privacy bug
Someone has raised the following scenario with me as an example where
exim is leaking some otherwise private information.

If you have queue_list_requires_admin set true (the default), then exim
will only let a local user see their own mails on the queue.

However if "mail -v" (or "exim -v") is used to deliver a mail, *and*
there are queued messages for the same site/mx target, then you see the
trace of those queued deliveries as well as your own.

    Nigel.


--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]