Re: [exim] for europeans only: EU GDPR and mitigation of CV…

Top Page

Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] for europeans only: EU GDPR and mitigation of CVE-2019-15846
Cyborg via Exim-users <exim-users@???> (Fr 06 Sep 2019 14:37:23 CEST):
> Hi,
>
> this post is only relevant for European Corps or Organisations WITH
> mailerservers
> in or outside of the EU.  if you are not based in the EU, you can skip this.
>
> As a possible Mitigation for  CVE-2019-15846 stopping to use TLS in form of
>
> tls_advertise_hosts =
>
> in your config, is a bigger deal, as you may think.


For that reason I've published another mitigation method

    # to be prepended to your mail acl (the ACL referenced
    # by the acl_smtp_mail main config option)
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -