Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Graeme Fowler
Date:  
À: exim-users@exim.org
Sujet: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
On 6 Jun 2019, at 13:25, Spencer Marshall via Exim-users <exim-users@???> wrote:
> why is this only being applied to +local_domains? why not everything?
> deny    message       = Restricted characters in address
>               local_parts   = ^[.] : ^.*[\$@%!/|]


Primarily because you’re not in control of what remote systems consider to be valid or invalid characters in the local part of their email addresses.

You are in total control of your own (“local”) domains; if the specific instance of Exim only ever talks to systems you control, you can apply it across the board. If you have emails routing through it to remote, external domains outside your control… there be dragons.

Graeme