Another day, another sendmail exploit.
Today a new sendmail version was released, which fixed another bug in the
address-parsing.
To prevent your customers, from this bug, until they fix their versions
use the follwing entry in your data-acl.
deny message = Another day, another sendmail bug
condition = ${if match{$message_headers}{\xff}{1}{0}}
This will disallow \xff in the headers of the message.
Maybe verify = header_syntax will also catch this, but it doesn't check
all the headers that could be used to exploit sendmail.
Nico
