Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Author: Graeme Fowler
Date:
To: exim-users@exim.org
Subject: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
On 6 Jun 2019, at 13:25, Spencer Marshall via Exim-users <exim-users@???> wrote:
> why is this only being applied to +local_domains? why not everything?
> deny    message       = Restricted characters in address
>               local_parts   = ^[.] : ^.*[\$@%!/|]


Primarily because you’re not in control of what remote systems consider to be valid or invalid characters in the local part of their email addresses.

You are in total control of your own (“local”) domains; if the specific instance of Exim only ever talks to systems you control, you can apply it across the board. If you have emails routing through it to remote, external domains outside your control… there be dragons.

Graeme
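
The scoping discussed in this reply, as an added example that is not part of the original message or of Exim itself: a Python approximation of the quoted `local_parts` rule applied only to recipients in local domains. The `LOCAL_DOMAINS` set, the `check_rcpt` helper and all sample addresses are constructed for illustration, and Python's `re` stands in for Exim's own matching.

```python
import re

# Pattern list quoted in the thread; Exim separates list items with " : ".
RESTRICTED_LOCAL_PARTS = r"^[.] : ^.*[\$@%!/|]"
PATTERNS = [re.compile(p.strip()) for p in RESTRICTED_LOCAL_PARTS.split(" : ")]

# Constructed stand-in for the +local_domains named list (assumption).
LOCAL_DOMAINS = {"example.org", "mail.example.org"}


def check_rcpt(recipient, local_domains=LOCAL_DOMAINS):
    """Return (verdict, reason) for one RCPT address under the scoped rule.

    "pass" means this rule did not fire; later ACL statements still apply.
    """
    local_part, sep, domain = recipient.rpartition("@")
    if not sep or not local_part or not domain:
        return ("deny", "malformed address")
    # Equivalent of `domains = +local_domains`: only judge addresses in
    # domains we control. Remote sites define their own valid local parts.
    if domain.lower() not in local_domains:
        return ("pass", "remote domain, rule not applied")
    for pattern in PATTERNS:
        if pattern.search(local_part):
            return ("deny", "Restricted characters in address")
    return ("pass", "local part acceptable")


if __name__ == "__main__":
    # Constructed sample recipients.
    samples = [
        "alice@example.org",
        "user$name@example.org",
        ".hidden@example.org",
        "a|b@MAIL.EXAMPLE.ORG",
        "user$name@remote.example",
    ]
    for rcpt in samples:
        verdict, reason = check_rcpt(rcpt)
        print(f"{rcpt:28} {verdict:5} {reason}")
```

Passing an empty set as `local_domains` shows what a relay-only host would see: the rule never fires, so any filtering there would need a separately scoped statement.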