I've pushed commit 5336c0d adding a new section to the Security Considerations chapter of The Exim Specification.
There's probably more we can add here.

Context: https://www.redteam-pentesting.de/de/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution

People keep using use_shell and our warnings are perhaps not strong enough as they stand. Adding them into the security considerations chapter might provide for better review, with security teams talking to postmasters to find workable balances in the use of features called out as dangerous.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
