Autor: Cyborg Datum: To: exim-users Betreff: Re: [exim] Exim hostlist in the exim config - related to
CVE-2019-15846
Am 10.09.19 um 13:33 schrieb Michael Love via Exim-users: > Hi All,
> Question:
> We have a restricted hostlist of only other servers able to email exim 4.86.
> For this new vulnerability, is the TLS handshake executed before the whitelist hostlist lookup, or is the whitelist hostlist queried first?
> Thank you.Michael Love.
If you wanne be sure, use IPTABLES to allow your hosts to relay, not the
outdated exim version.
There could be a lot more bugs in your version, which combined together,
result in a new vulnerability path.