Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Ian Zimmerman
Datum:  
To: exim-users
Betreff: Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?
On 2019-06-23 23:52, Cyborg wrote:

> Anyone who used this restricted chars patch:
>
>   deny    message       = Restricted characters in address
>           domains       = +local_domains
>           local_parts   = ^[.] : ^.*[\$@%!/|]
>
> should update to this ruleset :
>
>   deny    message       = Restricted characters in address
>           domains       = +local_domains
>           local_parts   = ^[.] : ^.*[\$@%!/|] : ^.*x24 : ^.*0.44
>
> as there is a unexpected problem with jeremy's version, which will
> reject any x24 in any part of the message.


I just want to prohibit any backslashes in local parts. I know this is
totally safe to do im my case. So what it the appropriate number of
backslashes to put in the regexp? Will this work:

deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[\$@%!/\\|]

?

Btw I run 4.92, so this is just overabundance of caution on my part.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.