Am 06.06.19 um 14:07 schrieb Heiko Schlittermann via Exim-users:
> Hi,
>
> Cyborg via Exim-users <[email protected]> (Do 06 Jun 2019 13:24:21 CEST):
>> As the Advisiory is a bit unspecific for a protection, shouldn't a check
>> for "$" in
>>
>> deny message = Restricted characters in address
>> domains = +local_domains
>> local_parts = ^[.] : ^.*[\$@%!/|]
> Yes, from my POV it suffices. As Jeremy said, for non-SMTP the same
> sould be done.
>
> But, for the 2nd exploit, you should do the same with the sender's
> address.
>
Before anyone asks : for the seconds exploit :
acl_check_mail:
...
drop message = Restricted characters in address
condition = ${if match{$sender_address}{\N.*\$.*run.*\N}{1}{0}}
# BEFORE : IMPORTANT!
accept hosts = +relay_from_hosts
"\$.*run" because some Bulkmail put "$randomids$randomids" into
bounceemailaddresses.
best regards,
Marius
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
