Re: [exim] for europeans only: EU GDPR and mitigation of CV…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jay Sekora
Datum:  
To: Heiko Schlittermann
CC: exim-users
Betreff: Re: [exim] for europeans only: EU GDPR and mitigation of CVE-2019-15846
> For that reason I've published another mitigation method
>
>     # to be prepended to your mail acl (the ACL referenced
>     # by the acl_smtp_mail main config option)
>     deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
>     deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}


Thanks very much for that! Works fine on 4.86 (as shipped with Ubuntu
16.04).

On 4.82 as shipped with Ubuntu 14.04 (ick) on a host I unfortunately
can't upgrade quickly, the second deny condition (checking $tls_in_peerdn)
works fine but the first one complains that $tls_in_sni is an unknown
variable:

failed to expand ACL string "${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}": unknown variable name "tls_in_sni"

I've compared the documentation for SNI-related variables in the two
versions and see no obvious relevant difference. Am I missing something
obvious?

Jay