Hi, Cyborg via Exim-users <[email protected]> (Do 06 Jun 2019 13:24:21 CEST): > As the Advisiory is a bit unspecific for a protection, shouldn't a check > for "$" in > > deny message = Restricted characters in address > domains = +local_domains > local_parts = ^[.] : ^.*[\$@%!/|]
Yes, from my POV it suffices. As Jeremy said, for non-SMTP the same
sould be done.
But, for the 2nd exploit, you should do the same with the sender's
address.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
