The SMTP Smuggling vulnerabilities released just before Christmas have kept a lot of sysadmins busy over the festive period. Over time, more servers have been found to be vulnerable, including Exim. Upstream have released a patch to fix the CVE, but this hasn't yet been backported to distribution release versions.
It was suggested that disabling pipelining and chunking would stop the vulnerability being exploited. I looked into this and the simple way to do this is to add this to your Exim configuration:
chunking_advertise_hosts =
pipelining_advertise_hosts =
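To confirm the two settings above took effect, check that the server's EHLO reply no longer lists CHUNKING or PIPELINING. The following is an added example, not code from the original post; the hostnames and sample replies are constructed, and `check_live` is a hypothetical helper name for running the same check against your own server.

```python
import smtplib

# The two extensions the settings above stop Exim from advertising.
TARGETS = {"CHUNKING", "PIPELINING"}

def ehlo_keywords(reply: str) -> set:
    """Parse a raw multi-line EHLO reply into its set of extension keywords."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for i, ln in enumerate(lines):
        # Every line is "250-text" except the last, which is "250 text".
        if len(ln) < 4 or ln[:3] != "250" or ln[3] not in "- ":
            raise ValueError(f"not a 250 EHLO reply line: {ln!r}")
        words = ln[4:].split()
        if i > 0 and words:  # line 0 is the server greeting, not an extension
            keywords.add(words[0].upper())
    return keywords

def still_advertised(reply: str) -> list:
    """Return the targeted extensions that the reply still advertises."""
    return sorted(ehlo_keywords(reply) & TARGETS)

def check_live(host: str, port: int = 25, timeout: float = 10.0) -> list:
    """Same check against a running server (host is supplied by the caller)."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        code, _ = conn.ehlo()
        if code != 250:
            raise RuntimeError(f"EHLO refused with code {code}")
        return sorted(ext for ext in TARGETS if conn.has_extn(ext))

# Constructed sample replies (not captured from a real server).
BEFORE = ("250-mail.example.test Hello client.example.test [192.0.2.10]\r\n"
          "250-SIZE 52428800\r\n250-8BITMIME\r\n250-PIPELINING\r\n"
          "250-CHUNKING\r\n250-STARTTLS\r\n250 HELP\r\n")
AFTER = ("250-mail.example.test Hello client.example.test [192.0.2.10]\r\n"
         "250-SIZE 52428800\r\n250-8BITMIME\r\n250-STARTTLS\r\n250 HELP\r\n")

if __name__ == "__main__":
    print("before:", still_advertised(BEFORE))
    print("after: ", still_advertised(AFTER))
```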
I have yet to find reliable evidence of compromise for this vulnerability in Exim logs.