Of late (perhaps since October?) I've received random messages like this: > Date: Fri, 29 Nov 2019 21:30:34 -0500 > From: Mail Delivery System <[email protected]> > To: [email protected] > Subject: Message frozen > > Message 1iasWk-0004Ya-NP has been frozen (delivery error message). > The sender is <>. > > The following address(es) have yet to be delivered: > [email protected]: SMTP error from remote mail server > after pipelined > MAIL FROM:<> SIZE=5753: 554 5.7.1 Empty Sender Address is > prohibited through this server
This apparently is a remote exploit vulnerability that was fixed early in June for all exim versions since 4.87. Exim 4.92 was said not to be vulnerable: https://www.exim.org/static/doc/security/CVE-2019-10149.txt However, I'm runing Version: 4.92-8+deb10u3 . It appears this vulnerability now exists for Exim4 4.92 under Devuan. My impression is this exploit is not harmless, and so I'd like to know if there is a way to block it. Since it depends on emacs4 configuration, this might be possible. Haines Brown -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
