January 29, 2020 12:19 PM, "Andreas Broecking" <andr...@gzipped.org> wrote:

> Hi all,
> 
> first of all, thanks Gilles for the heads-up and a fix on short notice.
> 
> For people like me who rely on the portable version and for systems which rely on built packages
> as they lack the local development tools, a filter should help to mitigate the problem until a
> package could be built on another system.
> 
> Shouldn’t something like 
> 
> filter exploit_check phase mail-from match mail-from regex { '<*\;*' } \
> disconnect "550 no exploiting, kthx"
> 
> listen on $interface filter exploit_check
> 
> sufficiently mitigate the problem?
> I am not fluent in regex’ing so maybe I am missing an edge case. It does prevent the example
> exploit and any others I’ve seen in the last hours.
> 

filter exploit_check phase mail-from match mail-from regex ".*;.*" \
    disconnect "550 no exploiting, kthx"

listen on $interface filter exploit_check

This should work, yes, but I don't have an unpatched system to test it.
You also need it on "listen on socket".

The best mitigation would be to use maildir instead of mbox as it's not impacted.
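
Added example, not part of either message in this thread: it runs the two patterns quoted above over constructed sender strings to show which connections each filter would drop. Assumptions: the filter regex is applied as an unanchored search (emulated here with Python's `re.search`, which agrees with POSIX extended regex for these simple patterns), and the sample addresses are made up.

```python
import re

# Patterns copied from the thread. Assumption: smtpd evaluates filter regexes
# as unanchored searches, which re.search emulates for these simple patterns.
PROPOSED = r"<*\;*"    # from the first message, written like a shell glob
CORRECTED = r".*;.*"   # from the reply

# Constructed sample senders, not taken from real traffic.
SENDERS = [
    "alice@example.org",
    "bob.smith+lists@example.net",
    "",                          # null reverse-path, as used by bounces
    "carol;dave@example.org",    # contains the character the filter targets
    "erin@example.org;",
]


def rejected(pattern, senders):
    """Return the senders for which the filter would fire (disconnect)."""
    rx = re.compile(pattern)
    return [s for s in senders if rx.search(s)]


def report():
    """Evaluate each pattern against the constructed sender list."""
    return {
        # '*' means "zero or more" in a regex, so this pattern can match the
        # empty string and therefore matches every sender.
        "proposed": rejected(PROPOSED, SENDERS),
        # Fires only when a ';' is present somewhere in the sender.
        "corrected": rejected(CORRECTED, SENDERS),
        # With unanchored matching, a bare ';' is equivalent to '.*;.*'.
        "bare_semicolon": rejected(";", SENDERS),
    }


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:15} rejects {len(hits)}/{len(SENDERS)}: {hits}")
```
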