diff options
author | Andreas Metzler <ametzler@downhill.at.eu.org> | 2013-01-02 19:29:51 +0100 |
---|---|---|
committer | Andreas Metzler <ametzler@downhill.at.eu.org> | 2013-01-02 19:29:51 +0100 |
commit | 7b49492c1cea33f6b36cbec8b6f82920cb247c1c (patch) | |
tree | 1565c8b878b92485d3c98a66282a511c6e397c4d | |
parent | 9778a00ed30b9521ca33a26eecd7c750d9dbb570 (diff) | |
download | exim4-7b49492c1cea33f6b36cbec8b6f82920cb247c1c.tar.gz |
Use ${quote:xxx} when invoking spfquery
Use exim's ${quote:xxx} operator when invoking spfquery to disallow
bypassing of SPF validation by using special mailbox names. (Thanks to
Lekensteyn for diagnosis and testing.) Closes: #697057
-rw-r--r-- | debian/changelog | 3 | ||||
-rw-r--r-- | debian/debconf/conf.d/acl/30_exim4-config_check_rcpt | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 5e9617b..e8247e9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -19,6 +19,9 @@ exim4 (4.80-7) UNRELEASED; urgency=low * Remove obsolete conffile /etc/cron.monthly/exim4-base which was only shipped in 4.69-3. Closes: #689334 * Update exim_db.8, syncing against spec.txt from exim 4.80. + * Use exim's ${quote:xxx} operator when invoking spfquery to disallow + bypassing of SPF validation by using special mailbox names. (Thanks to + Lekensteyn for diagnosis and testing.) Closes: #697057 -- Andreas Metzler <ametzler@debian.org> Sun, 25 Nov 2012 09:30:18 +0100 diff --git a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt index ac347aa..4949587 100644 --- a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt +++ b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt @@ -265,10 +265,10 @@ acl_check_rcpt: log_message = SPF check failed. !acl = acl_local_deny_exceptions condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \ - \"$sender_host_address\" --identity \ + ${quote:$sender_host_address} --identity \ ${if def:sender_address_domain \ - {--scope mfrom --identity \"$sender_address\"}\ - {--scope helo --identity \"$sender_helo_name\"}}}\ + {--scope mfrom --identity ${quote:$sender_address}}\ + {--scope helo --identity ${quote:$sender_helo_name}}}}\ {no}{${if eq {$runrc}{1}{yes}{no}}}} defer |