http://lists.debian.org/debian-security-announce/2010/msg00181.html
notes
| For the testing distribution (squeeze) and the unstable distribution
| (sid), this problem has been fixed in version 4.70-1.
but here
root@wotan:~# aptitude show exim4 | grep ^Version
Version: 4.72-2