https://bugs.exim.org/show_bug.cgi?id=3063
--- Comment #13 from Simon Arlott <[email protected]> --- (In reply to Simon Arlott from comment #7) > > Dec 2023: getting a site to send a body including an "LF . LF" sequence > > followed by SMTP commands is a possible "smtp smuggling" attack. If > > the first (header) line for the message has a proper CRLF then enforce > > that for the body: convert bare LF to a space. > > I expect that converting <LF> to a space is going to lead to further > security or interoperability problems because it will mean Exim will merge > two lines in a <CRLF>-based message if there's an <LF> in the middle of > them, potentially changing the meaning of the message by merging two or more > header lines together or merging the body with the headers. > > Can't it just accept the message as-is, using dot duplication if the entire > line is "."? Jeremy, you've still not explained why Exim is now changing message content like this. Postfix and Sendmail don't do it. -- You are receiving this mail because: You are on the CC list for the bug. -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
