Re: [exim] bypassing exim string expansion with invalid addr…

Author: Graeme Fowler
Date:  
To: exim-users@exim.org
Subject: Re: [exim] bypassing exim string expansion with invalid addresses
On 13 Mar 2019, at 09:55, Cyborg via Exim-users <exim-users@???> wrote:
> I forgot to add the "attack" pattern:
>
> From: "ONLINE PHARMACY" <guclxfh@???>


Valid per RFC5322.

>       R="CANADA-DRUGSTORE" guclxfh@???>"


Invalid per RFC5322. If it’s invalid, addresses cannot be extracted. We can only code against the valid format, as forms of invalidity are for all practical purposes infinite.

You *could* do a check against the existence of the Reply-to: header, and if it’s invalid, score or reject.

Graeme
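
One way to act on the suggestion above is sketched here as an added example; it is not part of the original message and not configuration from the Exim project. It uses Exim's `verify = header_syntax` ACL condition, which checks the syntax of the address-list headers (Sender:, From:, Reply-To:, To:, Cc:, Bcc:) after the message body has been received. The ACL name `acl_check_data` and the header name `X-Header-Syntax` are assumptions chosen for illustration.

```exim
# Main configuration section: run this ACL after DATA has been received.
# (acl_check_data is an assumed ACL name.)
acl_smtp_data = acl_check_data

begin acl

acl_check_data:

  # Option 1 (score): tag the message and let a later content filter
  # weigh the tag. X-Header-Syntax is a constructed header name.
  warn    !verify    = header_syntax
          add_header = X-Header-Syntax: invalid

  # Option 2 (reject): refuse the message at SMTP time instead.
  # Uncomment to use in place of the warn statement above.
  # deny    !verify = header_syntax
  #         message = Syntactically invalid address header

  accept
```

The condition covers every address-list header, not only Reply-To:, so a malformed To: or Cc: is tagged or rejected as well.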