Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Evgeniy Berdnikov via Exim-users
On Tue, Jun 25, 2019 at 03:05:43PM +0200, Cyborg via Exim-users wrote: > On 24.06.19 at 20:31, Andreas Metzler via Exim-users wrote: ... > > M OTOH does not match everything but is much too broad since it does > > not match on the backslash at all. Also I do not see how "jeremy's > > version will r

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Jeremy Harris via Exim-users
On 25/06/2019 19:01, mixed8e--- via Exim-users wrote: >> and i was not sure if EXIM does publish that string in any other possible >> remote "access vector" too. > > That would be nice to know. A scan over the source gives me: - logged at daemon startup & shutdown - written to the process log on

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Calum Mackay via Exim-users
inline… On 24/06/2019 7:18 pm, mixed8e--- via Exim-users wrote: On Fri, 2019-06-21 at 15:53 +0200, Heiko Schlittermann via Exim-users wrote: Check your system for unusual activities. Symptoms on a hacked system I got aware of were quite similar. The log reported about too many received headers:

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Heiko Schlittermann via Exim-users
Niels Dettenbach via Exim-users (Tue 25 Jun 2019 14:48:20 CEST): > On Tuesday, 25 June 2019, 13:53:26 CEST, Jeremy Harris via Exim-users wrote: > > No recompile needed. smtp_banner. > This only sets the banner, but not the SMTP-Headers " by " which are > "public" too and used as an indicator

Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Andreas Metzler via Exim-users
Cyborg via Exim-users wrote: > On 24.06.19 at 20:31, Andreas Metzler via Exim-users wrote: [...] >> M OTOH does not match everything but is much too broad since it does >> not match on the backslash at all. Also I do not see how "jeremy's >> version will reject any x24 in any part of the message",

Re: [exim] Extra copies of list mail (was Re: CVE-2019-10149: already vulnerable ?)

2019-06-25 Thread Ian Zimmerman via Exim-users
On 2019-06-25 09:26, Bill Cole wrote: > > PS: I do not need an additional copy of list emails. I get > > very tired of getting them. If your MUA does not have > > a "reply to list" button, please get a better one. > > I swear, I'm going to start deliberately ignoring anyone > >

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Niels Dettenbach via Exim-users
On Tuesday, 25 June 2019, 15:03:02 CEST, Jeremy Harris via Exim-users wrote: > Indeed; but only the banner was being asked about. ok, sorry for the noise. for me, the Recvd header is a kind of "banner" too. seems a misunderstanding from my side. > You're interested in received_header_text

[exim] Extra copies of list mail (was Re: CVE-2019-10149: already vulnerable ?)

2019-06-25 Thread Bill Cole via Exim-users
On 25 Jun 2019, at 9:03, Jeremy Harris via Exim-users wrote: PS: I do not need an additional copy of list emails. I get very tired of getting them. If your MUA does not have a "reply to list" button, please get a better one. I swear, I'm going to start deliberately ignoring any

Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Cyborg via Exim-users
On 24.06.19 at 20:31, Andreas Metzler via Exim-users wrote: > > Hello Marius, > > would you mind explaining this? There are many differences between > these rules Yes .. > J ^.*\\0?44 > M ^.*0.44 > > J tries to match on \044 or \44, M on 0.44 and 0a44, ... 0z44 Yes, it does. It circumvented the

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Jeremy Harris via Exim-users
On 25/06/2019 13:48, Niels Dettenbach via Exim-users wrote: > On Tuesday, 25 June 2019, 13:53:26 CEST, Jeremy Harris via Exim-users wrote: >> No recompile needed. smtp_banner. > This only sets the banner, but not the SMTP-Headers " by " which are > "public" too and used as an indicator for "

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Niels Dettenbach via Exim-users
On Tuesday, 25 June 2019, 13:53:26 CEST, Jeremy Harris via Exim-users wrote: > No recompile needed. smtp_banner. This only sets the banner, but not the SMTP-Headers " by " which are "public" too and used as an indicator for "security researchers" (by my experience) - i.e. Germany BSI. hth,

Re: [exim] Help with AUTH DDOS

2019-06-25 Thread Jeremy Harris via Exim-users
On 24/06/2019 19:35, mixed8e--- via Exim-users wrote: > What would be the Exim setting to limit the number of TCP connections? Or > is it a bad idea to limit connections like that? I do know at least one > group of users of this server sit behind a single IP address, so the > connection count for

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Wolfgang Breyha via Exim-users
mixed8e--- via Exim-users wrote on 24/06/2019 20:02: > Dumb question, what is the config setting that allows me to remove the > Exim version from the greet banner? https://www.exim.org/exim-html-current/doc/html/spec_html/ch-main_configuration.html search for smtp_banner Greetings, Wolfgang -- Wo

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Jeremy Harris via Exim-users
On 25/06/2019 12:41, Niels Dettenbach via Exim-users wrote: > On Monday, 24 June 2019, 20:02:33 CEST, mixed8e--- via Exim-users wrote: >> Dumb question, what is the config setting that allows me to remove the >> Exim version from the greet banner? > If I remember right, there is no such option in

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-25 Thread Jeremy Harris via Exim-users
On 24/06/2019 19:18, mixed8e--- via Exim-users wrote: > a group from May 20 which is > before the exploit was announced. Perhaps this is unrelated? There are no > cron job entries that try to execute these files. I'm not sure what to > make of them. Perhaps your system was already compromised by o