On Sun, Nov 05, 2017 at 04:09:37PM +0100, Andreas Metzler wrote: > I do not see the attacker gain, the same information can be extracted by > trying out RCPT TO *@omega-software.com with FROM attac...@gmail.com.
Additionally, we are desperately trying to stay close to the upstream configuration. If this is really an issue, then all non-Debian exim installations are vulnerable as well. What I am trying to say is, this issue should be reported and discussed with upstream _before_ we make this change. Paul, can you do that to make your point there? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
