[exim] no EHLO after STARTTLS (was: CVE-2019-15846: Exim - l…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Reply to this message
Author: Wolfgang Breyha
Date:  
To: exim-users
Old-Topics: Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges
Subject: [exim] no EHLO after STARTTLS (was: CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges)
Phil Pennock via Exim-users wrote on 07/09/2019 03:16:
> To the best of my knowledge, that has never blocked legitimate mail.
> Everyone does EHLO after STARTTLS.

I was wondering how many connection would be blocked in my setup with this ACL
in place... according to my logs from last August I see <20 empty HELOs out of
~1M connections a day.

All those up to 20 fail to transmit their SPAM due to other oddities
(primarily no PTR).

Have you seen spambots that fail due to this specific ACL with high numbers in
the past/currently?

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | https://www.blafasel.at/
Vienna University Computer Center | Austria


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privilegesRe: [exim] CVE-2019-15846: Exim - local or remote attacker can execute programs with root privileges.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)