Or rather 

filter exploit_check phase mail-from match mail-from regex { '.*\;.*\;.*' } \
        disconnect "550 no exploiting, kthx"

to be more specific on the semicolons as delimiter of the command?

(sorry, as I said, regex is my nemesis :))

Best regards
Andreas



> On 29. Jan 2020, at 12:19, Andreas Broecking <andr...@gzipped.org> wrote:
> 
> Hi all,
> 
> first of all, thanks Gilles for the heads-up and a fix on short notice.
> 
> For people like me who rely on the portable version and for systems which 
> rely on built packages as they lack the local development tools, a filter 
> should help to mitigate the problem until a package could be built on another 
> system.
> 
> Shouldn’t something like 
> 
> filter exploit_check phase mail-from match mail-from regex {  '<*\;*' } \
>    disconnect "550 no exploiting, kthx"
> 
> listen on $interface filter exploit_check
> 
> sufficiently mitigate the problem?
> I am not fluent in regex’ing so maybe I am missing an edge case. It does 
> prevent the example exploit and any others I’ve seen in the last hours.
> 
> Best regards
> Andreas
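
To see what each of the two candidate patterns in this thread matches, here is an added example (not part of the original messages and not OpenSMTPD code) that runs them through POSIX regcomp()/regexec() over constructed sender strings. It assumes the filter performs an unanchored POSIX extended-regex search and that the tested value looks like the strings below; the helper name pattern_matches and all sample addresses are made up for illustration.

```c
#include <regex.h>
#include <stdio.h>

/* Returns 1 if `pattern` (POSIX extended regex, unanchored search) matches
 * anywhere in `sender`, 0 if it does not, -1 if the pattern fails to compile.
 * Assumption: this mirrors how the filter evaluates a regex entry. */
int pattern_matches(const char *pattern, const char *sender)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, sender, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    /* The two patterns proposed in the thread, with C string escaping. */
    const char *patterns[] = { "<*\\;*", ".*\\;.*\\;.*" };
    /* Constructed sample senders: one ordinary, one with a single
     * semicolon, one with two semicolons. */
    const char *senders[] = {
        "<alice@example.org>",
        "<one;semi@example.org>",
        "<a;b;c@example.org>",
    };
    size_t p, s;

    for (p = 0; p < sizeof(patterns) / sizeof(patterns[0]); p++) {
        for (s = 0; s < sizeof(senders) / sizeof(senders[0]); s++) {
            int m = pattern_matches(patterns[p], senders[s]);
            printf("%-14s %-26s %s\n", patterns[p], senders[s],
                m == 1 ? "reject (match)" :
                m == 0 ? "accept (no match)" : "bad pattern");
        }
    }
    return 0;
}
```

Under these assumptions the first pattern matches every sender, ordinary ones included, because both `<*` and `\;*` can match the empty string. The second matches only senders that contain at least two semicolons.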

