Re: [exim] for europeans only: EU GDPR and mitigation of CV…

Góra strony
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
Dla: Jay Sekora
CC: exim-users
Temat: Re: [exim] for europeans only: EU GDPR and mitigation of CVE-2019-15846
Jay Sekora <js@???> (Fr 06 Sep 2019 20:49:21 CEST):
> > For that reason I've published another mitigation method
> >
> >     # to be prepended to your mail acl (the ACL referenced
> >     # by the acl_smtp_mail main config option)
> >     deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
> >     deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}

>
> Thanks very much for that! Works fine on 4.86 (as shipped with Ubuntu
> 16.04).
>
> On 4.82 as shipped with Ubuntu 14.04 (ick) on a host I unfortunately
> can't upgrade quickly, the second deny condition (checking $tls_in_peerdn)
> works fine but the first one complains that $tls_in_sni is an unknown
> variable:
>
> failed to expand ACL string "${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}": unknown variable name "tls_in_sni"
>
> I've compared the documentation for SNI-related variables in the two
> versions and see no obvious relevant difference. Am I missing something
> obvious?


According the the Git log, the $tls_in_sni variable should be available
for >= 4.81. For <4.81 $tls_sni was the name.

Does "exim -be '$tls_in_sni'" complain too? And "exim -be '$tls_sni'"?

--
Heiko