[exim] remote access vulnerability in version 4.92-8+deb10u3

Author: Haines Brown
Date:  
To: exim-users
Subject: [exim] remote access vulnerability in version 4.92-8+deb10u3
Of late (perhaps since October?) I've received random messages like
this:

> Date: Fri, 29 Nov 2019 21:30:34 -0500
> From: Mail Delivery System <Mailer-Daemon@???>
> To: postmaster@???
> Subject: Message frozen
>
> Message 1iasWk-0004Ya-NP has been frozen (delivery error message).
> The sender is <>.
>
>  The following address(es) have yet to be delivered:
>    dng-bounces@???: SMTP error from remote mail server
>  after pipelined
>  MAIL FROM:<> SIZE=5753: 554 5.7.1 Empty Sender Address is
>  prohibited through this server


This apparently is a remote exploit vulnerability that was fixed early
in June for all exim versions since 4.87. Exim 4.92 was said not to
be vulnerable:

https://www.exim.org/static/doc/security/CVE-2019-10149.txt

However, I'm running Version: 4.92-8+deb10u3. It appears this
vulnerability now exists for Exim4 4.92 under Devuan.

My impression is this exploit is not harmless, and so I'd like to know
if there is a way to block it. Since it depends on exim4
configuration, this might be possible.

Haines Brown
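As an added example (not part of the post above and not Exim's own code), here is a small Python parser that pulls the fields out of a "Message frozen" notice like the one quoted in the post, so a postmaster can triage such notices in bulk instead of reading them one by one. The sample text is the quoted notice with the archive's "???" redactions left in place. Two facts the notice itself carries are worth reading off it: `The sender is <>` means the frozen message has an empty envelope sender, which is how a locally generated delivery report is marked, and the `554 5.7.1` reply is the remote server's permanent rejection of that empty sender. The dataclass and function names are my own choices.

```python
import re
from dataclasses import dataclass

# Constructed sample: the "Message frozen" notice quoted in the post,
# with the mailbox parts left as "???" exactly as the archive redacted them.
SAMPLE_NOTICE = """\
Date: Fri, 29 Nov 2019 21:30:34 -0500
From: Mail Delivery System <Mailer-Daemon@???>
To: postmaster@???
Subject: Message frozen

Message 1iasWk-0004Ya-NP has been frozen (delivery error message).
The sender is <>.

 The following address(es) have yet to be delivered:
   dng-bounces@???: SMTP error from remote mail server
 after pipelined
 MAIL FROM:<> SIZE=5753: 554 5.7.1 Empty Sender Address is
 prohibited through this server
"""


@dataclass
class FrozenNotice:
    message_id: str       # Exim's queue id of the frozen message
    sender: str           # envelope sender; "" means a null reverse path
    recipient: str        # address that could not be delivered
    smtp_code: str        # three-digit reply code from the remote server
    enhanced_status: str  # RFC 3463 enhanced status code, e.g. 5.7.1
    smtp_text: str        # human-readable part of the remote reply


MSG_RE = re.compile(r"Message (\S+) has been frozen")
SENDER_RE = re.compile(r"The sender is <([^>]*)>")
RCPT_RE = re.compile(r"^\s*(\S+?): SMTP error from remote mail server", re.M)
REPLY_RE = re.compile(r"(\d{3}) (\d\.\d+\.\d+) (.*)$")


def parse_frozen_notice(text: str) -> FrozenNotice:
    """Extract the triage-relevant fields from a 'Message frozen' notice."""
    # The notice is a mail: headers, blank line, body. Only the body matters.
    body = text.split("\n\n", 1)[1]
    message_id = MSG_RE.search(body).group(1)
    sender = SENDER_RE.search(body).group(1)
    rcpt = RCPT_RE.search(body)
    recipient = rcpt.group(1)
    # Everything after the recipient line is Exim's line-wrapped copy of the
    # remote server's reply; collapse the wrapping into a single line first.
    tail = " ".join(body[rcpt.end():].split())
    reply = REPLY_RE.search(tail)
    return FrozenNotice(
        message_id=message_id,
        sender=sender,
        recipient=recipient,
        smtp_code=reply.group(1),
        enhanced_status=reply.group(2),
        smtp_text=reply.group(3),
    )


def classify(notice: FrozenNotice) -> str:
    """Give the postmaster a one-line reading of why the message froze."""
    if notice.sender == "" and notice.smtp_code.startswith("5"):
        # A null reverse path marks a delivery report Exim generated itself;
        # the remote side refused to accept that report.
        return "remote server permanently rejected a locally generated bounce"
    if notice.smtp_code.startswith("5"):
        return "remote server permanently rejected the message"
    return "remote server reported a temporary failure"


if __name__ == "__main__":
    notice = parse_frozen_notice(SAMPLE_NOTICE)
    print(notice)
    print(classify(notice))
```

Feeding the quoted notice through `parse_frozen_notice` yields queue id `1iasWk-0004Ya-NP`, an empty sender, recipient `dng-bounces@???`, reply `554 5.7.1`, and the text `Empty Sender Address is prohibited through this server`; `classify` then reports that the remote server rejected a bounce Exim generated locally. Running the parser over a mailbox of such notices and grouping by `smtp_code` and `recipient` domain shows quickly whether the frozen messages share one cause.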