Do not offer TLS. (This mitigation is not recommended.)
-For a attacking SNI the following ACL snippet should work:
+For a attacking TLS client the following ACL snippet should work:
- # to be prepended to your mail acl (acl_smtp_mail)
+ # to be prepended to your mail acl (the ACL referenced
+ # by the acl_smtp_mail main config option)
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
+ deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
Fix
===
git://git.exim.org / exim-website.git / blobdiff