Am 30.11.19 um 19:41 schrieb Haines Brown via Exim-users:
>
>> The following address(es) have yet to be delivered:
>> dng-bounces@???: SMTP error from remote mail server
>> after pipelined
>> MAIL FROM:<> SIZE=5753: 554 5.7.1 Empty Sender Address is
>> prohibited through this server
> https://www.exim.org/static/doc/security/CVE-2019-10149.txt
>
>
Your mentioned CVE refers to this Exploit: <${run{bash}}@???>
But i don't see any connection with you anti-bounce message in a queue.
Your service may have been hacked (earlier or on a different service)
and/or is sending spams out and/or receiving spam bounces, to be sure,
pls give us more details.
best regards,
