Hi all,
first of all, thanks Gilles for the heads-up and a fix on short notice.
For people like me who rely on the portable version and for systems which
rely on built packages as they lack the local development tools, a filter
should help to mitigate the problem until a package could be built on another
system.
Shouldn’t something like
filter exploit_check phase mail-from match mail-from regex { '<*\;*' } \
disconnect "550 no exploiting, kthx"
listen on $interface filter exploit_check
sufficiently mitigate the problem?
I am not fluent in regex’ing so maybe I am missing an edge case. It does
prevent the example exploit and any others I’ve seen in the last hours.
Best regards
Andreas
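
An added example, not part of the original message or of OpenSMTPD: a quick false-positive check of the posted pattern against constructed MAIL FROM values. It assumes the filter evaluates the pattern as an unanchored extended regular expression, not as a shell-style glob; the sample senders and the comparison pattern are hypothetical and not a vetted mitigation.

```python
import re

# Pattern exactly as posted in the filter above.
POSTED = r'<*\;*'

# Hypothetical comparison pattern (not from the post, not a vetted
# mitigation): a literal semicolon anywhere in the sender.
LITERAL_SEMICOLON = r';'

# Constructed MAIL FROM arguments for illustration only.
SAMPLES = [
    "<alice@example.org>",                    # ordinary sender
    "<>",                                     # null sender used by bounces
    "<bounce+list=example.net@example.org>",  # list-style sender
    "<;constructed-marker;>",                 # sender containing ';'
]


def disconnected(pattern, senders):
    """Return the senders a 'match mail-from regex' rule would hit.

    Assumption: the pattern is searched unanchored, so a pattern that
    can match the empty string matches every sender.
    """
    rx = re.compile(pattern)
    return [s for s in senders if rx.search(s)]


def report(pattern, senders):
    """Pair each sender with the decision the rule would take."""
    hits = set(disconnected(pattern, senders))
    return [(s, "disconnect" if s in hits else "accept") for s in senders]


if __name__ == "__main__":
    for name, pat in (("posted", POSTED), ("literal ';'", LITERAL_SEMICOLON)):
        print(f"pattern {name}: {pat!r}")
        for sender, decision in report(pat, SAMPLES):
            print(f"  {decision:10} {sender}")
```

Under that assumption, '<*' and '\;*' each mean "zero or more", so the posted pattern also matches senders with no semicolon at all; running the same samples through any candidate pattern before deploying it shows whether legitimate mail would be disconnected too.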