From b8fa12c85d8d08b7702a9b55fd73d2987720bd66 Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
Date: Fri, 6 Sep 2019 13:18:14 +0200
Subject: [PATCH] Add more detail to the mitigation

---
 templates/static/doc/security/CVE-2019-15846.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/templates/static/doc/security/CVE-2019-15846.txt b/templates/static/doc/security/CVE-2019-15846.txt
index aabdf1d..386a1fa 100644
--- a/templates/static/doc/security/CVE-2019-15846.txt
+++ b/templates/static/doc/security/CVE-2019-15846.txt
@@ -29,8 +29,10 @@ Do not offer TLS. (This mitigation is not recommended.)
 
 For a attacking SNI the following ACL snippet should work:
 
-    # to be prepended to your mail acl (acl_smtp_mail)
+    # to be prepended to your mail acl (the ACL referenced
+    # by the acl_smtp_mail main config option)
     deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
+    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
 
 Fix
 ===
-- 
2.30.2