Exim 4.80.1 Critical Security Release
As an FYI, the Exim developers released Exim 4.80.1 today, which is a critical security release addressing a remote code execution flaw in Exim versions between 4.70 and 4.80 inclusive. The release announcement is here:

https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

Basically, this vulnerability can be triggered by anyone who can send you email from a domain for which they control the DNS, and thereby provides them access to the Exim run-time user.

Quoting another post by Exim developer Phil Pennock: "Thanks to a certain Wired article, I decided this area of the codebase (of many MTAs) would be likely to be reviewed by more than just me, so it would be sheer hubris to hope that this remained undiscovered by blackhats."

If your Exim version was compiled using the default options then your installation is vulnerable. Hence, the Exim versions provided by most Linux and Unix distributions are most certainly vulnerable until updated. So, make sure that you update your Exim version immediately when the next Exim update becomes available for your distribution.

As per the above link, you can protect your installation from this vulnerability if you put this at the start of your ACLs plumbed into acl_smtp_connect or acl_smtp_rcpt:

    warn control = dkim_disable_verify

Thus, to protect your Exim4U installation until your Exim version is updated, modify your /etc/exim/exim.conf file as follows:

After the line:

    acl_connect:

add:

    warn control = dkim_disable_verify

And, after the line:

    acl_check_rcpt:

add:

    warn control = dkim_disable_verify

You can remove these modifications after your Exim version is updated to protect against this vulnerability.

FYI,
Gordon
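A small shell helper, added here as an example and not part of Gordon's post or of the Exim project: it classifies a version string against the affected 4.70 to 4.80 range (4.80.1 being the fixed release) and inserts the workaround line after the acl_connect: and acl_check_rcpt: labels without duplicating it if run a second time. The version string and the config file path are assumed inputs; the demo at the end uses a constructed file, not a real exim.conf.

```shell
# Added example (not from Gordon's post or the Exim project): tell whether an
# Exim version string is in the affected range 4.70..4.80 (4.80.1 is the fix)
# and apply the dkim_disable_verify workaround to a config file exactly once.

# exim_dkim_affected VERSION -> exit status 0 if VERSION needs the workaround
exim_dkim_affected() {
    major=${1%%.*}
    rest=${1#"$major"}; rest=${rest#.}
    case $rest in
        *.*) minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   minor=$rest;       patch=0 ;;
    esac
    [ "$major" -eq 4 ] || return 1
    [ "$minor" -ge 70 ] && [ "$minor" -le 80 ] || return 1
    # 4.80.1 and any later 4.80.x carry the fix
    if [ "$minor" -eq 80 ] && [ "$patch" -ge 1 ]; then return 1; fi
    return 0
}

# exim_add_dkim_workaround FILE -> insert the warn line directly after the
# acl_connect: and acl_check_rcpt: labels, skipping labels that already have it
exim_add_dkim_workaround() {
    awk '
    /^(acl_connect|acl_check_rcpt):[ \t]*$/ {
        print
        if ((getline nxt) > 0) {
            if (nxt !~ /dkim_disable_verify/)
                print "  warn control = dkim_disable_verify"
            print nxt
        } else {
            print "  warn control = dkim_disable_verify"
        }
        next
    }
    { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# exim_count_dkim_workaround FILE -> number of workaround lines present
exim_count_dkim_workaround() {
    grep -c 'dkim_disable_verify' "$1" || true
}

# Demo on a constructed copy of an Exim4U-style ACL section (not a real config);
# on a live box run the function on /etc/exim/exim.conf after checking "exim -bV".
demo=$(mktemp)
printf 'acl_connect:\n  accept\n\nacl_check_rcpt:\n  accept\n' > "$demo"
exim_add_dkim_workaround "$demo"
cat "$demo"
rm -f "$demo"
```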
Gordon Dickens