Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] Exim header check and mailsploit?
On 06/12/17 16:12, Adrian Zaugg wrote: > The mailsploit attack relies on special chars like newline or the nul
> character encoded in base64 or quoted-printable. In my opinion encoded
> strings in mail headers should get decoded for validity checking, e.g
> when setting in an ACL: require verify = headers_syntax
> Am I wrong with this assumption?
RFC 5322 says nothing about encoding.
--
Cheers,
Jeremy