On 2019-07-03 21:42, Jeremy Harris wrote: > > \\x24 should match the literal \x24, which may be used to encode the > > dollar sign for the unintended local_part expansion in the vulnerable > > code.
After your important discovery that escaping is done on local parts as part of SMTP (at least that's how I interpreted the disappearance of the backslash from "it\z"), the next question should be but has not yet been: why is this needed at all? Won't the whole escape sequence be transformed into a dollar sign by the time it is matched against the rule? -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
