Re: [exim] remote access vulnerability in version 4.92-8+deb…

Author: Haines Brown
Date:  
To: Cyborg via Exim-users
Subject: Re: [exim] remote access vulnerability in version 4.92-8+deb10u3
On Mon, Dec 02, 2019 at 02:20:48PM +0100, Cyborg via Exim-users wrote:
> Am 30.11.19 um 19:41 schrieb Haines Brown via Exim-users:
> >
> >>  The following address(es) have yet to be delivered:
> >>    dng-bounces@???: SMTP error from remote mail server
> >>  after pipelined
> >>  MAIL FROM:<> SIZE=5753: 554 5.7.1 Empty Sender Address is
> >>  prohibited through this server
> >   https://www.exim.org/static/doc/security/CVE-2019-10149.txt

> >
> >
> Your mentioned CVE refers to this Exploit: <${run{bash}}@???>
>
> But I don't see any connection with your anti-bounce message in a queue.


Unfortunately, I deleted my original notes. It seems a discussion of
my error linked to CVE-2019-10149.txt and nothing in that text
indicated I was on the wrong track.

> Your service may have been hacked (earlier or on a different service)
> and/or is sending spams out and/or receiving spam bounces, to be sure,
> pls give us more details.


Devuan has an application that automatically sends a message
anytime you install an application. I suspect this may be the culprit.

>
> best regards,
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/