Bug#908865: exim4: Default CHECK_RCPT_REMOTE_LOCALPARTS blocks legal email addresses (in particular the % character)

Marc Haber mh+debian-packages at zugschlus.de
Tue Sep 18 05:54:28 BST 2018

tags #908865 upstream

On Mon, Sep 17, 2018 at 10:04:34PM +0200, Rainer Dorsch wrote:
> In particular, I do not understand the spam risk you mention and also
> Google did not help me :-/ ... Could you give me a pointer to more
> details? In particular do I carry a SPAM risk if I do the local
> modification to accept the % sign?

As far as I remember, exim itself is not vulnerable, but might be part
of a relay chain relaying such a message to a relay that _is_ vulnerable
to the issue.

I have looked again and found that this is indeed a configuration that
is part of upstream's default configuration (see src/configure.default
in the upstream code - the only thing we add is the macro that makes it
easier to change the setting). This means that Debian is unlikely to
change this as we try sticking to upstream's configuration as close
as sanely possible.

You might want to discuss this on the upstream mailing list
exim-user at exim.org and get a better explanation (or even a change).


Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Phone: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
