Exim SMTP BDAT support

[scurrell]

Back in 2017 an Exim vulnerability meant that BDAT support was disabled in Exim by setting chunking_advertise_hosts = ""

After 3 years, has this now been fixed so that BDAT support can be re-enabled?

We have a client who can't receive messages from and important client of theirs because of this:

Error: 550 5.6.11 SMTPSEND.BareLinefeedsAreIllegal; message contains bare linefeeds, which cannot be sent via DATA and receiving system does not support BDAT

 

[cPanelLauren]

From the Exim Documentation

hosts_try_chunking

Use: smtp

Type: host list†

Default: *

This option provides a list of servers to which, provided they announce CHUNKING support, Exim will attempt to use BDAT commands rather than DATA.

Unless DKIM signing is being done,

BDAT will not be used in conjunction with a transport filter.

So for this host list it's pulled from chunking_advertise_hosts

And for that we did end up doing actually was setting the following:

/etc/exim.conf:chunking_advertise_hosts = 198.51.100.1

Set this to a private reserved IP so there could be no way it was advertised to anyone but that IP which wouldn't ever be used.


What you could do is remove the chunking_advertise_hosts entry and add the host you want to advertise chunking for in order to accept BDAT commands.

The issue with the vulnerability came into play because this defaulted to a wildcard (*)