On 06/06/2019 12:24, Cyborg via Exim-users wrote: > As the Advisiory is a bit unspecific for a protection, shouldn't a check > for "$" in > > deny message = Restricted characters in address > domains = +local_domains > local_parts = ^[.] : ^.*[\$@%!/|]
That would suffice. You'd want to do the equivalent in the non-smtp ACL also, and I'd personally not restrict it to local domains. > Is it possible/pausible that fedora build it with "DISABLE_EVENT" defined, > so the vulnerable code is not in there? > > any way to check that ( did not find the show compile settings on the web ) ? exim -bV | grep -i support -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
