Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] Closing off Port to non-SSL traffic
On 26/06/2022 08:19, Andrew C Aitchison via Exim-users wrote: > [ I should document CVE-2021-38371:
> before exim 4.95 exim probably was exposed to a man-in-the
> middle attack on STARTTLS when *sending* email, though it
> it is not clear how it could have been exploited.
Indeed, nobody that I am aware of has *ever* demonstrated
a way of exploiting SMTP response injection.
--
Cheers,
Jeremy