The recommended Mailman Transport for Exim invokes the Mailman mail wrapper with an unedited listname derived from the $local_part of the email address less any known suffix.
The problem with this configuration is that $local_part is not guaranteed to be safe for use as a filesystem directory name. This allows a local attacker to create a directory with a config.pck file in a location that the mailman user can access, send an email to an address with the directory traversal in it (../../../../../<email address hidden>), and then wait for the queue runner to execute arbitrary code as the mailman user either via the pickle file itself or through an extend.py file in the fake list directory. Neither exim nor mailman has code that protects against this attack.
The recommended Exim configiration does check that the lists/${lc::$local_part}/config.pck file does exist, but this check is also vulnerable to the path traversal attack.
It appears that the postfix_