[exim] Exim header check and mailsploit?

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Adrian Zaugg
日付:  
To: Exim Users
題目: [exim] Exim header check and mailsploit?

Hi

Following the recently published "mailsploit" [1] issue, I wonder why
exim with enabled headers syntax check doesn't reject those message that
use illegal characters in their from address.

The mailsploit attack relies on special chars like newline or the nul
character encoded in base64 or quoted-printable. In my opinion encoded
strings in mail headers should get decoded for validity checking, e.g
when setting in an ACL: require verify = headers_syntax
Am I wrong with this assumption?

Best regards, Adrian.

[1] https://www.mailsploit.com