If you have a cPanel license and can update to the latest patched, non-vulnerable version, that is the easiest fix. Otherwise, follow the steps below:
Make the modifications below, then restart Exim and check the mail service by sending a test mail. Make sure to take a backup of exim.conf before modifying it.
Open /etc/exim.conf, search for acl_not_smtp: and add the content below:
###############################
deny
   condition = ${if lt {$exim_version}{4.92}{1}{0}}
   condition = ${if forany{<,$recipients}{match_local_part{$item}{\N^.*\$\{.*$\N}}{yes}{no}}
   message = restricted characters in recipient address
deny
   condition = ${if lt {$exim_version}{4.92}{1}{0}}
   condition = ${if match{$sender_address_local_part}{\N^.*\$\{.*$\N}{yes}{no}}
   message = restricted characters in sender address
# END INSERT 000_restricted_chars
# BEGIN INSERT resolve_vhost_owner
warn
       condition  = ${if eq{$originator_uid}{${perl{user2uid}{nobody}}}{1}{0}}
       set acl_c_vhost_owner = ${perl{resolve_vhost_owner}}
##############################
Search for acl_smtp_rcpt: and add the content below:
############################
deny
   condition = ${if lt {$exim_version}{4.92}{1}{0}}
   local_parts = \N^.*\$\{.*$\N
   message = restricted characters in recipient address
deny
   condition = ${if lt {$exim_version}{4.92}{1}{0}}
   senders = \N^.*\$\{.*$\N
   message = restricted characters in sender address
###########################
After that, do the steps below:
######################################
1: Remove /etc/ld.so.preload
rm -f /etc/ld.so.preload
rm -f /lib/libgrubd.so
2: Check the .ssh/authorized_keys file. If there are any unusual entries in authorized_keys, clear all except the ezeelogin server key, and set the attribute for .ssh/authorized_keys.
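
A read-only check for the artifacts named in steps 1 and 2, as an added example that is not part of the original page. It assumes the key to keep can be recognised by a string in its authorized_keys line (the hypothetical KEEP argument) and that keys live under /root/.ssh and /home/*/.ssh; it only reports and deletes nothing.

```shell
#!/bin/sh
# Read-only audit for the artifacts named in the cleanup steps (added example).
# Usage: audit_host ROOT KEEP
#   ROOT  directory to treat as / ("" = live system, or a mounted disk image)
#   KEEP  fixed string identifying the one authorized_keys entry to retain
#         (assumption: the gateway key is recognisable by its comment field)
# Prints one finding per line; returns 1 if anything was found, 0 if clean,
# 2 on bad usage.
audit_host() {
    root=$1
    keep=$2
    found=0
    if [ -z "$keep" ]; then
        echo "usage: audit_host ROOT KEEP" >&2
        return 2
    fi

    # Step 1: the preload file and the library that the page removes.
    for f in /etc/ld.so.preload /lib/libgrubd.so; do
        if [ -e "$root$f" ] || [ -L "$root$f" ]; then
            echo "PRESENT $f"
            found=1
        fi
    done

    # Step 2: report every authorized_keys entry other than the one to keep.
    # Assumption: keys live in /root/.ssh and /home/*/.ssh.
    for ak in "$root"/root/.ssh/authorized_keys \
              "$root"/home/*/.ssh/authorized_keys; do
        [ -f "$ak" ] || continue
        rel=${ak#"$root"}
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            case $line in
                ''|'#'*) continue ;;     # blank lines and comments
                *"$keep"*) continue ;;   # the entry that should remain
            esac
            # Report file and line number only, never the key material.
            echo "UNEXPECTED_KEY ${rel}:${n}"
            found=1
        done < "$ak"
    done
    return $found
}
```

On the live system, run it as root with an empty ROOT, for example audit_host "" "comment-of-key-to-keep", and review each reported line before editing authorized_keys.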