
Heads up: tore the MTA literally apart. They discovered 21: 11 local vulnerabilities and 10 remote vulnerabilities.

If you run Exim connected to the Internet or local with untrusted users, you should either patch now or shut it down.

openwall.com/lists/oss-securit


@_xhr_
"In March 2021 a study performed by E-Soft, Inc.,[3] approximated that 60% of the publicly reachable mail-servers on the Internet ran Exim"
(source: en.wikipedia.org/wiki/Exim)

@_xhr_ ...and this is why sysadmins don't let fellow sysadmins run Exim. The biggest hurdle is that Debian ships it as the “by default” MTA. Amusingly, some historical justifications were that it's simpler than alternatives, but in practice... well, it's probably only simpler than Sendmail by now, and as complex as Postfix at least :blobpeek:

@aperezdc @_xhr_ anyone still running Exim after the Exim developers released a critical security patch at 10:00 on CHRISTMAS DAY deserves what they get
