Cyborg via Exim-users <exim-users@???> (Fr 06 Sep 2019 14:37:23 CEST):
> Hi,
>
> this post is only relevant for European Corps or Organisations WITH
> mailerservers
> in or outside of the EU. if you are not based in the EU, you can skip this.
>
> As a possible Mitigation for CVE-2019-15846 stopping to use TLS in form of
>
> tls_advertise_hosts =
>
> in your config, is a bigger deal, as you may think.
For that reason I've published another mitigation method
# to be prepended to your mail acl (the ACL referenced
# by the acl_smtp_mail main config option)
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
