Hi

Following the recently published "mailsploit" [1] issue, I wonder why exim with enabled headers syntax check doesn't reject those messages that use illegal characters in their from address.

The mailsploit attack relies on special chars like newline or the nul character encoded in base64 or quoted-printable. In my opinion encoded strings in mail headers should get decoded for validity checking, e.g. when setting in an ACL:

    require verify = headers_syntax

Am I wrong with this assumption?

Best regards,
Adrian.

[1] https://www.mailsploit.com
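The check the message asks about, sketched in Python as an added example (it is not part of the original post and is not Exim code): decode the RFC 2047 encoded-words first, then reject control characters in the decoded value. The function names and the sample headers are constructed for illustration.

```python
import base64
import re
from email.errors import HeaderParseError
from email.header import decode_header

# C0 control characters (TAB excepted) and DEL: NUL, CR, LF, ...
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

def decode_words(raw):
    """Decode RFC 2047 encoded-words ('B' base64 and 'Q' quoted-printable)."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)

def check_header(raw):
    """Return (accepted, reason), judging the header value after decoding."""
    try:
        decoded = decode_words(raw)
    except HeaderParseError:
        return False, "undecodable encoded-word"
    hit = CONTROL.search(decoded)
    if hit:
        return False, "control character 0x%02x after decoding" % ord(hit.group())
    return True, "ok"

# Constructed sample values (not taken from real mail).
_b64 = base64.b64encode(b"alice@example.org").decode("ascii")
SAMPLES = {
    "plain": "Alice <alice@example.org>",
    "benign_q": "=?utf-8?Q?J=C3=BCrgen?= <j@example.org>",
    "nul_q": "=?utf-8?b?%s?==?utf-8?Q?=00?=@example.net" % _b64,
    "newline_q": "=?utf-8?Q?alice=0Aexample?= <a@example.org>",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        raw_clean = CONTROL.search(value) is None
        print(name, "raw-clean" if raw_clean else "raw-dirty", check_header(value))
```

Every sample is free of control characters in its raw form, so a check that only looks at the undecoded header text accepts all four; only the decoded check separates the last two from the first two.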
