Autore: Ian Zimmerman Data: To: exim-users Oggetto: Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?
On 2019-06-23 23:52, Cyborg wrote:
> Anyone who used this restricted chars patch:
>
> deny message = Restricted characters in address
> domains = +local_domains
> local_parts = ^[.] : ^.*[\$@%!/|]
>
> should update to this ruleset :
>
> deny message = Restricted characters in address
> domains = +local_domains
> local_parts = ^[.] : ^.*[\$@%!/|] : ^.*x24 : ^.*0.44
>
> as there is a unexpected problem with jeremy's version, which will
> reject any x24 in any part of the message.
I just want to prohibit any backslashes in local parts. I know this is
totally safe to do im my case. So what it the appropriate number of
backslashes to put in the regexp? Will this work:
Btw I run 4.92, so this is just overabundance of caution on my part.
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.