January 29, 2020 12:19 PM, "Andreas Broecking" <[email protected]> wrote:
> Hi all,
>
> first of all, thanks Gilles for the heads-up and a fix on short notice.
>
> For people like me who rely on the portable version and for systems which
> rely on built packages as they lack the local development tools, a filter
> should help to mitigate the problem until a package could be built on
> another system.
>
> Shouldn’t something like
>
> filter exploit_check phase mail-from match mail-from regex { '<*\;*' } \
> disconnect "550 no exploiting, kthx"
>
> listen on $interface filter exploit_check
>
> sufficiently mitigate the problem?
> I am not fluent in regex’ing so maybe I am missing an edge case. It does
> prevent the example exploit and any others I’ve seen in the last hours.
>

filter exploit_check phase mail-from match mail-from regex ".*;.*" \
disconnect "550 no exploiting, kthx"

listen on $interface filter exploit_check

This should work, yes, but I don't have an unpatched system to test it.
You also need it on "listen on socket".

The best mitigation would be to use maildir instead of mbox as it's not
impacted.
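
An added example, not part of the original e-mail: a way to check offline which senders each of the two patterns above would reject. It assumes the filter evaluates the pattern as an unanchored POSIX extended regex (reproduced here with grep -E); the sender strings, variable names and helper functions are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the pattern is applied as an unanchored POSIX extended regex,
# so `grep -E` gives the same match/no-match answer.

ORIGINAL='<*\;*'   # pattern from the quoted message
REVISED='.*;.*'    # pattern from the reply

# Constructed sample senders: three ordinary ones, two containing ';'.
SENDERS='alice@example.org
<bob@example.net>
<>
user;name@example.org
<;@example.org>'

# matches PATTERN STRING -> exit status 0 if PATTERN matches anywhere in STRING
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1" 2>/dev/null
}

# verdict PATTERN SENDER -> prints "reject" (filter would disconnect) or "accept"
verdict() {
    if matches "$1" "$2"; then echo reject; else echo accept; fi
}

# count_rejected PATTERN -> prints how many of the sample senders are rejected
count_rejected() {
    n=0
    while IFS= read -r s; do
        if [ "$(verdict "$1" "$s")" = reject ]; then n=$((n + 1)); fi
    done <<EOF
$SENDERS
EOF
    echo "$n"
}

# Side-by-side table: '<*\;*' can match the empty string, so it matches
# every sender; '.*;.*' needs at least one literal ';'.
printf '%-24s %-10s %-10s\n' sender original revised
while IFS= read -r s; do
    printf '%-24s %-10s %-10s\n' "$s" \
        "$(verdict "$ORIGINAL" "$s")" "$(verdict "$REVISED" "$s")"
done <<EOF
$SENDERS
EOF
```

Under that assumption the quoted pattern would turn away all mail, not just senders containing a semicolon, while the pattern from the reply rejects only the two senders that contain one.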