From b8fa12c85d8d08b7702a9b55fd73d2987720bd66 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Fri, 6 Sep 2019 13:18:14 +0200 Subject: [PATCH] Add more detail to the mitigation --- templates/static/doc/security/CVE-2019-15846.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/static/doc/security/CVE-2019-15846.txt b/templates/static/doc/security/CVE-2019-15846.txt index aabdf1d..386a1fa 100644 --- a/templates/static/doc/security/CVE-2019-15846.txt +++ b/templates/static/doc/security/CVE-2019-15846.txt @@ -29,8 +29,10 @@ Do not offer TLS. (This mitigation is not recommended.) For a attacking SNI the following ACL snippet should work: - # to be prepended to your mail acl (acl_smtp_mail) + # to be prepended to your mail acl (the ACL referenced + # by the acl_smtp_mail main config option) deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}} + deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}} Fix === -- 2.30.2
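Review bot: The unchanged lead-in above the snippet, "For a attacking SNI the following ACL snippet should work:", still names only SNI, while the hunk at @@ -29,8 +29,10 @@ adds a second `deny` that tests `$tls_in_peerdn`. A reader who skims the sentence will not realise the snippet now also rejects a peer DN ending in a backslash, and may copy only the first rule. Suggest rewording the sentence to cover both variables (and fixing "For a attacking SNI" while there), and adding a one-line comment above each `deny` saying which value it checks. The commit subject "Add more detail to the mitigation" also undersells the change: the new `$tls_in_peerdn` rule extends the mitigation itself, not just its description, so it is worth saying so in the message.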