Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-19 Thread Calum Mackay via Exim-users
Thanks Marius, Yes indeed, no argument at all. I've been involved in UNIX security for 30 years (and so should have known better anyway). Luckily, in this case, the script-kiddies' efforts seem naive, and they weren't even able to succeed in opening up SSH access, despite having root and atte

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-19 Thread Calum Mackay via Exim-users
thanks Heiko, yes, good point re unstable. In this case, the fix /was/ available in unstable, but a few other issues with updating had led to a delay, on that system, which proved unfortunate. thanks, calum. On 19/06/2019 12:47 pm, Heiko Schlittermann via Exim-users wrote: Calum Mackay via

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-19 Thread Calum Mackay via Exim-users
Interesting point, thanks Jan. No external users/customers on this system, fortunately. If there were, or it had anything sensitive anywhere near it, I'd not have been running unstable on it, and it would have been updated much more frequently. thanks, calum. On 19/06/2019 3:18 pm, Jan Ingv

Re: [exim] exim and utf8

2019-06-19 Thread Randy Bush via Exim-users
and the answer is smtputf8_advertise_hosts = randy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-19 Thread Cyborg via Exim-users
On 11.06.19 at 19:34, Calum Mackay via Exim-users wrote: > I'm still catching up, but… > > On 11/06/2019 7:43 am, Marius Schwarz via Exim-users wrote: >> Why didn't you harden your exim with the "allowed chars" change we >> posted here on the list, or did you? > > Is that still necessary/advised,

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-19 Thread Jan Ingvoldstad via Exim-users
On Wed, Jun 19, 2019 at 1:26 PM Calum Mackay via Exim-users < exim-users@exim.org> wrote: > Luckily, it looks like the trojans did nothing more than repeated > attempts to open up my ssh server to root logins, which I think (and > hope) didn't actually work, so I may have been lucky, and the dama

Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

2019-06-19 Thread Heiko Schlittermann via Exim-users
Russell King via Exim-users (Di 11 Jun 2019 16:08:28 CEST): > > As I stated in my original post, I've tried substituting the " " with > both + and %2b. I was using Firefox, I've also used elinks as well. > Nothing works to get a commitdiff. > > >https://git.exim.org/exim.git/shortlog/refs/hea

Re: [exim] Auto-bcc certain outgoing mail?

2019-06-19 Thread Dmitriy Matrosov via Exim-users
On June 14, 2019 10:07:40 PM GMT+03:00, Aki Kyo via Exim-users wrote: >Hello, can someone help guide me what the best way is to grab copies >of one of our users outgoing mails and bcc to another address? > >Thank you Probably, you may use imap/pop3 server for sharing access to mailbox instead

Re: [exim] Unix domain socket for redis_servers

2019-06-19 Thread Jeremy Harris via Exim-users
On 12/06/2019 19:32, Yevgeny Kosarzhevsky via Exim-users wrote: > could someone enlighten me what is the proper syntax for redis_servers > to use unix domain socket? http://exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html :- If specified, the option must be set to

Re: [exim] Blackhole messages from pre-defined domains

2019-06-19 Thread Jeremy Harris via Exim-users
On 11/06/2019 16:17, J&T Group via Exim-users wrote: > However, when I did this, the rules stopped working and messages from blocked > domains were allowed through. Test using -bh -d+all mode. Where is the decision point where it takes a wrong path? -- Cheers, Jeremy

Re: [exim] just been hacked, could be CVE-2019-10149?

2019-06-19 Thread Heiko Schlittermann via Exim-users
Calum Mackay via Exim-users (Di 11 Jun 2019 01:39:22 CEST): > My mail system has just been hacked; it's running Debian unstable exim > 4.91-9 I just checked https://packages.debian.org/unstable/mail/, and they list 4.92-8 there. So your 4.91 seems to be outdated a bit. But generally speaking, I

Re: [exim] Auto-bcc certain outgoing mail?

2019-06-19 Thread Kathy Sechrist via Exim-users
I accomplished this (ymmv) by creating a new file with the following, and saving it to /usr/local/cpanel/etc/exim/sysfilter/options # Exim filter if first_delivery and ("$sender_address:" contains "us...@example.com") and not ("$h_X-Spam-Checker-Version:" begins "SpamAssassin") then unseen del

[exim] Exim Exploit CVE-2019-10149

2019-06-19 Thread Gordon Dickens via Exim-users
Hello Everybody, Please be aware of Exim Exploit CVE-2019-10149. https://www.zdnet.com/article/exim-email-servers-are-now-under-attack/ Everyone should update to Exim version 4.92 ASAP or whatever version of your OS which includes the fix for CVE-2019-10149. For example, for Debian the fix i

Re: [exim] DKIM signing table

2019-06-19 Thread Bjoern Franke via Exim-users
Hi Jasen, > > or you could just put the selector in another file. > something like > > dkim_selector=${if > exist{DKIM_DOMAIN.sel}{${readfile{DKIM_DOMAIN.sel}}}{default_selector}} Great, thanks for the hint. Best regards Bjoern

[exim] just been hacked, could be CVE-2019-10149?

2019-06-19 Thread Calum Mackay via Exim-users
hi all, My mail system has just been hacked; it's running Debian unstable exim 4.91-9 Could it be CVE-2019-10149? I don't see any reports of active exploits yet. The reasons I suspect exim involvement: • starting today, every 5 mins getting frozen messages: The following address(es) have ye

[exim] Unix domain socket for redis_servers

2019-06-19 Thread Yevgeny Kosarzhevsky via Exim-users
Hello, could someone enlighten me what is the proper syntax for redis_servers to use unix domain socket? Thanks! -- Regards, Yevgeny

[exim] Blackhole messages from pre-defined domains

2019-06-19 Thread J&T Group via Exim-users
Hello everyone, I was hoping someone might be able to help me with this one. I have followed this guide on setting up a list of blocked domains on our WHM system: https://www.hostingmatters.co.uk/support/help-guides/86-server-management

Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

2019-06-19 Thread Russell King via Exim-users
On Tue, Jun 11, 2019 at 03:42:09PM +0200, Heiko Schlittermann via Exim-users wrote: > Hi, > > Russell King (Di 11 Jun 2019 15:33:47 CEST): > > Hi, > > > > While looking for the fix on the web version of git.exim.org, I find that > > although I can get a listing based on the branch, I'm unable to

Re: [exim] exim and utf8

2019-06-19 Thread Jeremy Harris via Exim-users
On 19/06/2019 00:40, Randy Bush via Exim-users wrote: > did the fix for the recent vuln possibly cause this? > > this is exim forwarding to exim > Exim version 4.92 #4 (FreeBSD 11.2) built 25-May-2019 01:19:44 > to > Exim version 4.90_1 #4 built 04-Jun-2019 18:44:51 > > any thing i can do