quick Postfix check for Outlook date exploit

[mark () SECURITY NL (Mark Lastdrager)]

Hi,

With a little help from Koos van den Hout I made a small header_check
for Postfix to prevent people from exploiting the latest Outlook
bug. A quick test shows it works but don't come complaining when it
doesn't ;-)

In your main.cf put this line:

        header_checks = regexp:/etc/postfix/header_checks

(path depends on where your postfix config lives)

In header_checks put:

        /^Date:.{60,}$/ REJECT

This will reject messages with a date line longer than 60 chars.

Don't forget postfix reload ;-)

Mark Lastdrager
Pine Internet

--
email: mark () lastdrager nl :: ML1400-RIPE :: tel. +31-70-3111010
http://www.pine.nl :: RIPE RegID nl.pine :: fax. +31-70-3111011
PGP key ID 92BB81D1 :: Dutch security news @ http://security.nl
Today's excuse: because of network lag due to too many people playing
deathmatch