Re: [exim] Exim hostlist in the exim config - related to CV…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMMichael Love at <-
Cyborg at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Exim hostlist in the exim config - related to CVE-2019-15846
On 10/09/2019 12:33, Michael Love via Exim-users wrote:
> We have a restricted hostlist of only other servers able to email exim 4.86.
> For this new vulnerability, is the TLS handshake executed before the whitelist hostlist lookup, or is the whitelist hostlist queried first?

It depends where you've used this hostlist in your config,
and whether you support TLS-on-connect.
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] 4.92.2 versionRe: [exim] 4.92.2 version->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)