------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1454 --- Comment #4 from Todd Lyons <tly...@ivenue.com> 2014-04-24 15:13:34 --- Can you see if the patch still works with this small change: - else if (Ustrcmp(argrest, "Mm") == 0) message_reference = argv[++i]; + else if (Ustrcmp(argrest, "Mm") == 0) + { + if (trusted_config && mac_ismsgid(argv[i+1]) ) + message_reference = argv[++i]; + else + DEBUG(D_any) debug_printf("-oMm must be a valid message ID, called by a trusted user/config\n"); + } I don't like arbitrarily being able to set a value that could be used to log erroneous or misleading message id's. The way you are using it is fine, but any local account being able to specify a message-id could produce falsified audit logs, and we really need to prevent that. You essentially want -E but without the error condition being set, so the feature needs a bit extra protection. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
