After upgrading Exim4 to an official patched version fixing CVE-2019-10149 vulnerability (i.e. exim4_4.89-2+deb9u4) on my Debian stable server, I still get the "Message frozen" warnings about suspicious emails.
Is it expected, or should these suspicious emails be silently discarded ? I can't seem to understand how the patch affects this behaviour — I'd assume such emails would trigger the !parse_extract_address(…)
condition and therefore be logged and rejected, but it doesn't seem to be the case ?