Bugtraq mailing list archives
quick Postfix check for Outlook date exploit
From: mark () SECURITY NL (Mark Lastdrager)
Date: Fri, 21 Jul 2000 18:34:58 +0200
Hi, With a little help from Koos van den Hout I made a small header_check for Postfix to prevent people from exploiting the latest Outlook bug. A quick test shows it works but don't come complaining when it doesn't ;-) In your main.cf put this line: header_checks = regexp:/etc/postfix/header_checks (path depends on where your postfix config lives) In header_checks put: /^Date:.{60,}$/ REJECT This will reject messages with a date line longer than 60 chars. Don't forget postfix reload ;-) Mark Lastdrager Pine Internet -- email: mark () lastdrager nl :: ML1400-RIPE :: tel. +31-70-3111010 http://www.pine.nl :: RIPE RegID nl.pine :: fax. +31-70-3111011 PGP key ID 92BB81D1 :: Dutch security news @ http://security.nl Today's excuse: because of network lag due to too many people playing deathmatch
Current thread:
- quick Postfix check for Outlook date exploit Mark Lastdrager (Jul 21)