X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/23ffb224862d37e6fa8dd8e192120efaa35e5a98..8180c0d5a3d0823641d65535c70fb52900926060:/templates/static/doc/security/CVE-2019-15846.txt?ds=inline diff --git a/templates/static/doc/security/CVE-2019-15846.txt b/templates/static/doc/security/CVE-2019-15846.txt index 3a78aa5..f82b8e3 100644 --- a/templates/static/doc/security/CVE-2019-15846.txt +++ b/templates/static/doc/security/CVE-2019-15846.txt @@ -27,6 +27,13 @@ Mitigation Do not offer TLS. (This mitigation is not recommended.) +For a attacking TLS client the following ACL snippet should work: + + # to be prepended to your mail acl (the ACL referenced + # by the acl_smtp_mail main config option) + deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}} + deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}} + Fix ===