tags #908865 upstream
thanks

On Mon, Sep 17, 2018 at 10:04:34PM +0200, Rainer Dorsch wrote:
> In particular, I do not understand the spam risk you mention and also
> Google did not help me :-/ ... Could you give me a pointer to more
> details? In particular do I carry a SPAM risk if I do the local
> modification to accept the % sign?

As far as I remember, exim itself is not vulnerable, but might be part of a relay chain relaying such a message to a relay that _is_ vulnerable to the issue.

I have looked again and found that this is indeed a configuration that is part of upstream's default configuration (see src/configure.default in the upstream code - the only thing we add is the macro that makes it easier to change the setting). This means that Debian is unlikely to change this as we try sticking to upstream's configuration as closely as sanely possible.

You might want to discuss this on the upstream mailing list exim-u...@exim.org and get a better explanation (or even a change) there.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Phone: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421