Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Am 06.06.19 um 14:07 schrieb Heiko Schlittermann via Exim-users:
> Hi,
>
> Cyborg via Exim-users <exim-users@???> (Do 06 Jun 2019 13:24:21 CEST):
>> As the Advisiory is a bit unspecific for a protection, shouldn't a check
>> for  "$" in
>>
>>   deny    message       = Restricted characters in address
>>               domains       = +local_domains
>>               local_parts   = ^[.] : ^.*[\$@%!/|]
> Yes, from my POV it suffices. As Jeremy said, for non-SMTP the same
> sould be done.
>
> But, for the 2nd exploit, you should do the same with the sender's
> address.
>
Before anyone asks :  for the seconds exploit :

acl_check_mail:

...
  drop message = Restricted characters in address
          condition = ${if match{$sender_address}{\N.*\$.*run.*\N}{1}{0}}

# BEFORE :  IMPORTANT!

  accept  hosts         = +relay_from_hosts

"\$.*run" because some Bulkmail put "$randomids$randomids" into
bounceemailaddresses.

best regards,
Marius