Why is this only being applied to +local_domains? Why not everything?
deny message = Restricted characters in address
local_parts = ^[.] : ^.*[\$@%!/|]
________________________________
Hi,
Cyborg via Exim-users <exim-users@???> (Do 06 Jun 2019 13:24:21 CEST):
> As the Advisory is a bit unspecific for a protection, shouldn't a check
> for "$" in
>
> deny message = Restricted characters in address
> domains = +local_domains
> local_parts = ^[.] : ^.*[\$@%!/|]
Yes, from my POV it suffices. As Jeremy said, for non-SMTP the same
should be done.
But, for the 2nd exploit, you should do the same with the sender's
address.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
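
Added example, not part of the thread or of Exim itself: a simplified Python model of the `local_parts` list from the ACL above, applied to the sender as well as to each recipient, as the reply suggests. The addresses are constructed samples, and the list handling (only the `\$` escape and `^` regex items) is an assumption that simplifies Exim's real list parser.

```python
import re

# The local_parts list exactly as it appears in the ACL in this thread.
ACL_LOCAL_PARTS = r"^[.] : ^.*[\$@%!/|]"


def compile_list(raw):
    r"""Split a colon-separated list and compile its regex items.

    Simplified model (assumption): only the \$ escape is undone, as string
    expansion does before the pattern reaches the matcher, and only items
    starting with ^ (regex items) are supported.
    """
    patterns = []
    for item in raw.split(":"):
        item = item.strip().replace(r"\$", "$")
        if not item.startswith("^"):
            raise ValueError(f"not a regex item: {item!r}")
        patterns.append(re.compile(item))
    return patterns


def restricted(address, patterns):
    """Return the pattern that rejects the address's local part, or None."""
    local_part = address.rsplit("@", 1)[0]
    for pat in patterns:
        if pat.search(local_part):
            return pat.pattern
    return None


def check_envelope(sender, recipients, patterns):
    """Apply the same test to the envelope sender and to every recipient."""
    pairs = [("sender", sender)] + [("rcpt", r) for r in recipients]
    return {(role, addr): restricted(addr, patterns) for role, addr in pairs}


if __name__ == "__main__":
    pats = compile_list(ACL_LOCAL_PARTS)
    # Constructed sample envelope, not taken from any real message.
    result = check_envelope(
        "user$x@example.net",
        ["alice@example.org", ".hidden@example.org", "bob%relay@example.org"],
        pats,
    )
    for (role, addr), hit in result.items():
        print(f"{role:6} {addr:24} {'deny: ' + hit if hit else 'accept'}")
```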