donburi<p><span class="h-card" translate="no"><a href="https://floss.social/@artfulrobot" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>artfulrobot</span></a></span> Why exim4? Indeed, there is no good reason for that. Only Debian thinks there is... more than twenty years after Exim version 3 went out-of-date.</p><p><a href="https://universeodon.com/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a></p>
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.
Administered by:
Server stats:
276active users
toad.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#exim
0 posts · 0 participants · 0 posts today
artfulrobot<p>Quite pleased with my automated <a href="https://floss.social/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> delivery monitoring!</p><p>In the case of low success % it gives a breakdown of per-domain fails and other info, too.</p><p>I'm using it with the <a href="https://floss.social/tags/CiviMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CiviMail</span></a> component of <a href="https://floss.social/tags/CiviCRM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CiviCRM</span></a> </p><p><a href="https://floss.social/tags/exim4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim4</span></a> (why must it be called that, nobody uses v3!)</p>
artfulrobot<p>Hey <a href="https://fosstodon.org/tags/openSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSource</span></a> <a href="https://fosstodon.org/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> / <a href="https://fosstodon.org/tags/exim4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim4</span></a> users **NOW** is a good time to apply a <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> fix for your exim. Released 2 hours ago. If you use <a href="https://fosstodon.org/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debian</span></a>, the updates are in the repos already.</p>
Needa<p>Bon du coup, je finis ma soirée <a href="https://piaille.fr/tags/EXIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EXIM</span></a> et j'ai l'impression que pour l'intégration Let's Encrypt /TLS, ça relève encore du bricolage de droits ?<br>Si vous connaissez une meilleure solution, je prends</p>
Needa<p>Moment de solitude où je constate enfin que ma configuration <a href="https://piaille.fr/tags/Exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exim</span></a> perso <a href="https://piaille.fr/tags/DKIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DKIM</span></a> contenait une typo alors que le reste (<a href="https://piaille.fr/tags/SPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPF</span></a>/#DMARC) était ok et ce depuis la migration, soit quasi 2 ans 🤡 <br>N'oubliez pas de tester vos propres outils ! <br>Cf. <a href="https://www.bortzmeyer.org/repondeurs-courrier-test.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bortzmeyer.org/repondeurs-cour</span><span class="invisible">rier-test.html</span></a></p>
pty<p>Prepare to update <a href="https://chaos.social/tags/Exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exim</span></a></p><p><a href="https://seclists.org/oss-sec/2025/q1/148" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">seclists.org/oss-sec/2025/q1/1</span><span class="invisible">48</span></a></p><p><a href="https://chaos.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
🆘Bill Cole 🇺🇦<p>Disturbing (data-dependent) bug in password handling by <a href="https://toad.social/tags/Exim" class="mention hashtag" rel="tag">#<span>Exim</span></a> hit the exim-users list today. Hopefully the dev team have a handle on fixing it, but it really makes me glad for Postfix's arms-length relationship with <a href="https://toad.social/tags/SASL" class="mention hashtag" rel="tag">#<span>SASL</span></a>. Just the idea that an authn system would (accidentally) have a mechanism for the subject to create a logical list separator for the MTA by crafting a password is crazymaking.</p><p><a href="https://toad.social/tags/Infosec" class="mention hashtag" rel="tag">#<span>Infosec</span></a></p>
David Cantrell 🏏<p>And the <a href="https://fosstodon.org/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> config is even older! That originated as exim 2 running on an <a href="https://fosstodon.org/tags/SGI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SGI</span></a> <a href="https://fosstodon.org/tags/Indy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Indy</span></a>, which was copied to exim2 on <a href="https://fosstodon.org/tags/Redhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Redhat</span></a> (I think) running on a <a href="https://fosstodon.org/tags/Tadpole" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tadpole</span></a> <a href="https://fosstodon.org/tags/Sparcbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sparcbook</span></a>, then copied to exim 2 on <a href="https://fosstodon.org/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a> (which it is now on) and upgraded to exim 3 and then exim 4 with numerous tweaks along the way. Needless to say it's a goddamn mess.</p>
David Cantrell 🏏<p>The approximately four generations deprecated VM that handles my email is finally being killed off by my ISP, and I can't really say that I blame them. I have about a month to find a new email provider for <a href="https://fosstodon.org/tags/SMTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMTP</span></a> and <a href="https://fosstodon.org/tags/IMAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMAP</span></a>. No, I'm not going to host it myself again. Suggestions? So far <a href="https://fosstodon.org/tags/Fastmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fastmail</span></a> looks like it's not complete and utter dogshit although obviously it will never be as capable as my tangled mess of custom <a href="https://fosstodon.org/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> and <a href="https://fosstodon.org/tags/procmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>procmail</span></a>.</p>
IT News<p>More than 1.5 million email servers running Exim vulnerable to critical attacks - Enlarge </p><p>More than 1.5 million email servers are vulnerable to... - <a href="https://arstechnica.com/?p=2036607" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arstechnica.com/?p=2036607</span><span class="invisible"></span></a> <a href="https://schleuss.online/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://schleuss.online/tags/exploits" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploits</span></a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>biz</span></a> <a href="https://schleuss.online/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>email</span></a> <a href="https://schleuss.online/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a></p>
Linuxiac<p>New Exim 4.98 MTA addresses critical SMTP vulnerabilities. Includes crucial updates for DKIM handling and SMTP security.<br><a href="https://linuxiac.com/exim-4-98-mta-patches-over-30-bugs/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">linuxiac.com/exim-4-98-mta-pat</span><span class="invisible">ches-over-30-bugs/</span></a></p><p><a href="https://mastodon.social/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> <a href="https://mastodon.social/tags/mta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mta</span></a> <a href="https://mastodon.social/tags/smtp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smtp</span></a></p>
Mark Gardner<p><span class="h-card" translate="no"><a href="https://kolektiva.social/@AnarchoDoggo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>AnarchoDoggo</span></a></span> <span class="h-card" translate="no"><a href="https://social.edist.ro/@silberfuchs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>silberfuchs</span></a></span> <span class="h-card" translate="no"><a href="https://fedi.seriousbusiness.international/users/swaggboi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>swaggboi</span></a></span> <a href="https://social.sdf.org/tags/Perl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Perl</span></a> did not “give” the world <a href="https://social.sdf.org/tags/PCRE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCRE</span></a>; Philip Hazel wrote it for the <a href="https://social.sdf.org/tags/Exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exim</span></a> mail transport agent software in 1997.</p><p>I like to refer to it as “*Partially* Compatible Regular Expressions.” Here is the project’s documentation on (some) areas where it will disappoint you: <a href="https://PCRE.org/current/doc/html/pcre2compat.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">PCRE.org/current/doc/html/pcre</span><span class="invisible">2compat.html</span></a></p>
Bernard Quatermass<p><span class="h-card" translate="no"><a href="https://vmst.io/@jalefkowit" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jalefkowit</span></a></span> lovely to see this article.</p><p>It’s an honour to help keep the <a href="https://ehlo.exim.org/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> torch alive.</p>
artfulrobot<p>Oh no. I think I've got to reconfigure <a href="https://fosstodon.org/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> a bit. Maybe I'll stick needles up behind my nails and use the keyboard like that to focus my mind on something other than the pain of this task!</p><p>I use exim a lot, but the config has a real lack of logic/structure, the syntax is written by someone who criticises Perl for being too readable and testing it is cumbersome.</p><p>I don't have the spoons to try to transfer my needs/knowledge to postfix. Email delivery is just so darned complex.</p><p><a href="https://fosstodon.org/tags/exim4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim4</span></a></p>
Quinn Comendant<p>Who's making a LLM-based spam filter plugin for <a href="https://mastodon.social/tags/Spamassassin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spamassassin</span></a> or <a href="https://mastodon.social/tags/Rspamd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rspamd</span></a>?</p><p>Gmail has advanced AI-based filtering. Now that LLMs are becoming democratized, I'm ready for a self-hosted AI spam filter.</p><p>It seems much more popular to publish research papers on the viability of LLM-based spam filtering than it is to build LLM-based spam filtering software. Here are dozens of papers: <a href="https://www.arxiv-sanity-lite.com/?rank=pid&pid=2206.02443" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">arxiv-sanity-lite.com/?rank=pi</span><span class="invisible">d&pid=2206.02443</span></a> Nothing on GitHub, yet.</p><p><a href="https://mastodon.social/tags/llm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>llm</span></a> <a href="https://mastodon.social/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a> <a href="https://mastodon.social/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spam</span></a> <a href="https://mastodon.social/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> <a href="https://mastodon.social/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> <a href="https://mastodon.social/tags/postfix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>postfix</span></a> <a href="https://mastodon.social/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> <a href="https://mastodon.social/tags/sendmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sendmail</span></a> <a href="https://mastodon.social/tags/qmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>qmail</span></a></p>
DFN-CERT<p><a href="https://infosec.exchange/tags/Exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exim</span></a> released 4.97.1 to address the recent SMTP Smuggling vuln (CVE-2023-51766).</p><p><a href="https://lists.exim.org/lurker/message/20231228.211920.dd3e6d22.en.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.exim.org/lurker/message/</span><span class="invisible">20231228.211920.dd3e6d22.en.html</span></a></p>
DFN-CERT<p>cr;lf: SMTP smuggling / email spoofing involving different MTAs possible</p><p>Details at <a href="https://infosec.exchange/tags/37c3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>37c3</span></a> later today<br><a href="https://events.ccc.de/congress/2023/hub/en/event/smtp_smuggling_spoofing_e-mails_worldwide/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">events.ccc.de/congress/2023/hu</span><span class="invisible">b/en/event/smtp_smuggling_spoofing_e-mails_worldwide/</span></a></p><p>SEC consult blog post here: <br><a href="https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sec-consult.com/blog/detail/sm</span><span class="invisible">tp-smuggling-spoofing-e-mails-worldwide/</span></a></p><p><a href="https://infosec.exchange/tags/Postfix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Postfix</span></a> comments and releases new versions<br><a href="https://www.postfix.org/smtp-smuggling.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">postfix.org/smtp-smuggling.htm</span><span class="invisible">l</span></a><br><a href="https://www.postfix.org/announcements/postfix-3.5.23.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">postfix.org/announcements/post</span><span class="invisible">fix-3.5.23.html</span></a><br><a href="https://www.postfix.org/announcements/postfix-3.6.13.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">postfix.org/announcements/post</span><span class="invisible">fix-3.6.13.html</span></a><br><a href="https://www.postfix.org/announcements/postfix-3.7.9.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">postfix.org/announcements/post</span><span class="invisible">fix-3.7.9.html</span></a><br><a href="https://www.postfix.org/announcements/postfix-3.8.4.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">postfix.org/announcements/post</span><span class="invisible">fix-3.8.4.html</span></a></p><p><a href="https://infosec.exchange/tags/Sendmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sendmail</span></a> has a Snapshot 8.18.0.2 with a new configuration option available for testing<br><a href="https://groups.google.com/g/comp.mail.sendmail/c/zwJW9907Zgo" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">groups.google.com/g/comp.mail.</span><span class="invisible">sendmail/c/zwJW9907Zgo</span></a></p><p><a href="https://infosec.exchange/tags/Exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exim</span></a> does some work behind the scenes:<br><a href="https://lists.exim.org/lurker/thread/20231223.193645.5f50f60a.de.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lists.exim.org/lurker/thread/2</span><span class="invisible">0231223.193645.5f50f60a.de.html</span></a><br><a href="https://github.com/Exim/exim/commit/cf1376206284f2a4f11e32d931d4aade34c206c5" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Exim/exim/commit/cf</span><span class="invisible">1376206284f2a4f11e32d931d4aade34c206c5</span></a><br><a href="https://github.com/Exim/exim/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Exim/exim/commit/5b</span><span class="invisible">b786d5ad568a88d50d15452aacc8404047e5ca</span></a></p><p>oss-sec thread here:<br><a href="https://seclists.org/oss-sec/2023/q4/306" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">seclists.org/oss-sec/2023/q4/3</span><span class="invisible">06</span></a></p>
Marcel Waldvogel<p>After having been informed by <span class="h-card" translate="no"><a href="https://piaille.fr/@mathieui" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mathieui</span></a></span> that <a href="https://waldvogel.family/tags/Exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exim</span></a> is also affected, I compiled a list of what <a href="https://waldvogel.family/tags/SECConsult" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SECConsult</span></a> documented and what has been found out in the meantime. SEC Consult documented 11 mail systems (software and/or providers; many with millions of accounts) vulnerable to some form of <a href="https://waldvogel.family/tags/SMTPSmuggling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMTPSmuggling</span></a>. But they only informed 3. With <a href="https://waldvogel.family/tags/Exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exim</span></a> also vulnerable (apparently presumed "clean" by SEC Consult), the list is now 12.<br><a href="https://netfuture.ch/2023/12/smtp-smuggling-status/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">netfuture.ch/2023/12/smtp-smug</span><span class="invisible">gling-status/</span></a></p>
Siderea, Sibylla Bostoniensis<p>I have unfairly maligned <a href="https://universeodon.com/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a>'s honor. This is a <a href="https://universeodon.com/tags/procmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>procmail</span></a> problem. Or at least procmail is the identified patient.</p><p>The problem seems to be that procmail feels very strongly about the system mailbox (/var/spool/mail/$whatever). If it doesn't exist, it attempts to create it. If it can't create it, it throws an error (and the message bounces). If it doesn't need to create it but can't access it, it throws a different error. If it can access it but doesn't like its permissions, also error.</p>
Jan Wildeboer 😷:krulorange:<p><a href="https://social.wildeboer.net/tags/exim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exim</span></a> is tracking this in their bug report at <a href="https://bugs.exim.org/show_bug.cgi?id=3063" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bugs.exim.org/show_bug.cgi?id=</span><span class="invisible">3063</span></a> and a fix has been committed at <a href="https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">git.exim.org/exim.git/commit/5</span><span class="invisible">bb786d5ad568a88d50d15452aacc8404047e5ca</span></a> - thx <span class="h-card" translate="no"><a href="https://infosec.exchange/@QuatermassTools" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>QuatermassTools</span></a></span> for the info! <a href="https://infosec.exchange/@QuatermassTools/111637108410087826" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@QuatermassTo</span><span class="invisible">ols/111637108410087826</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload