[Exim] Exim privacy bug

Góra strony
Delete this message
Reply to this message
Autor: Nigel Metheringham
Data:  
Dla: exim-users
Temat: [Exim] Exim privacy bug
Someone has raised the following scenario with me as an example where
exim is leaking some otherwise private information.

If you have queue_list_requires_admin set true (the default), then exim
will only let a local user see their own mails on the queue.

However if "mail -v" (or "exim -v") is used to deliver a mail, *and*
there are queued messages for the same site/mx target, then you see the
trace of those queued deliveries as well as your own.

    Nigel.


--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]