Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Author: Graeme Fowler
Date:  
To: exim-users@exim.org
Subject: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
On 6 Jun 2019, at 13:25, Spencer Marshall via Exim-users <exim-users@???> wrote:
> why is this only being applied to +local_domains? why not everything?
> deny    message       = Restricted characters in address
>               local_parts   = ^[.] : ^.*[\$@%!/|]


Primarily because you’re not in control of what remote systems consider to be valid or invalid characters in the local part of their email addresses.

You are in total control of your own (“local”) domains; if the specific instance of Exim only ever talks to systems you control, you can apply it across the board. If you have emails routing through it to remote, external domains outside your control… there be dragons.

Graeme
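
The scoping discussed in this reply, modelled as an added Python example (not Exim configuration and not code from the thread): the two patterns come from the quoted rule, while `check_rcpt`, `LOCAL_DOMAINS` and the sample addresses are constructed for illustration.

```python
import re

# Patterns from the quoted rule. Exim expands "\$" to a literal "$" before
# compiling the regex, so the character class here contains a bare "$".
RESTRICTED = [re.compile(r"^[.]"), re.compile(r"^.*[$@%!/|]")]

# Constructed sample value standing in for the +local_domains list.
LOCAL_DOMAINS = {"example.test"}


def check_rcpt(address, local_only=True):
    """Return "deny" or "accept" for one recipient address.

    local_only=True models the rule limited to +local_domains;
    local_only=False models applying it to every recipient.
    """
    local_part, _, domain = address.rpartition("@")
    in_scope = (not local_only) or domain.lower() in LOCAL_DOMAINS
    if in_scope and any(p.search(local_part) for p in RESTRICTED):
        return "deny"
    return "accept"


if __name__ == "__main__":
    # Constructed recipients. "/" and "!" are syntactically valid local-part
    # characters, so a remote system may legitimately use them.
    samples = [
        "alice@example.test",
        "bob$x@example.test",
        ".hidden@example.test",
        "sales/emea@partner.example",
        "host!user@partner.example",
    ]
    for rcpt in samples:
        print(f"{rcpt:28} local-only={check_rcpt(rcpt)} "
              f"everywhere={check_rcpt(rcpt, local_only=False)}")
```

The last two recipients are accepted when the rule is limited to local domains and rejected when it is applied to everything, which is the breakage for remote domains that the reply warns about.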