On Mon, 2013-05-06 at 16:16 -0400, Phil Pennock wrote:
> This includes $h_* variables for looking at message headers, where
> there's even more flexibility for the attacker.

I'm slightly late to the list party on this one as I've been running after errant racing cars all weekend, but (as I commented on the G+ thread for this) the default configuration's RCPT ACL would reject an inbound email address containing backticks as being invalid.

This does not absolve the "use_shell" option of its risk, but does mitigate it somewhat.

Graeme

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
