Package: exim4 Version: 4.50-8sarge2 Severity: important
in these days the setting "verify = header_sender" is very important IMO. But there is a bug in exim that can cause valid mail to be rejected. So you have two choices in the debian version of exim4: * configure exim to not check sender headers (allow users to use ([EMAIL PROTECTED] as From:, Sender: or Reply-To:) * let exim check headers but risc 100% valid mails being rejected so I consider this kind of serious. Maybe a backport of this fix would be a good idea? (affects sarge and etch and current sid, AFAICT) The Problem: as of RFC2822 it is valid to specify empty group addresses in a Reply-To: header like this: From: [EMAIL PROTECTED] Reply-To: "Please do not reply":; But because of a bug in exim this will be rejected. This bug was fixed upstream in version 4.64. References/Details: http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20061009/msg00061.html ChangeLog of Exim 4.64: "PH/18 Two problems with "group" syntax in header lines when verifying: (1) The flag allowing group syntax was set by the header_syntax check but not turned off, possible causing trouble later; (2) The flag was not being set at all for the header_verify test, causing "group"-style headers to be rejected. I have now set it in this case, and also caused header_ verify to ignore an empty address taken from a group. While doing this, I came across some other cases where the code for allowing group syntax while scanning a header line wasn't quite right (mostly, not resetting the flag correctly in the right place). These bugs could have caused trouble for malformed header lines. I hope it is now all correct." kind regards -Marc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
