The "X-headers" are informational only. They have nothing to do with the mail delivery. I have never seen an X-Envelope header myself.
At 2004-06-01 07:11 PM -0700, Sven is rumored to have said:
>There are no relay exploits in 1.8b (assuming correct config).
The same hole is there in 1.8, sad but verified since the test sent me a relayed message using my server after the upgrade.
The message was the same as in 1.7:
>BAD HEADER Improper folded header field made up entirely of whitespace >(char 00 hex) in message header 'X-Envelope'
so it probably is a new exploit that gets both 1.7 and 1.8 and that would explain why the testing 9 months ago didn't catch it.
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
