From 5c7fc69f5cb6e90cc22bef648f5027c7b3a10556 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Sun, 22 Jun 2014 12:58:29 -0400
Subject: [PATCH] Use anchored failregex for filters to avoid possible DoS -- exim.conf

---
 config/filter.d/exim.conf | 9 ++++++++-
 debian/changelog | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/config/filter.d/exim.conf b/config/filter.d/exim.conf
index a25ef3db..2adea563 100644
--- a/config/filter.d/exim.conf
+++ b/config/filter.d/exim.conf
@@ -14,7 +14,14 @@
 # (?:::f{4,6}:)?(?P[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = \[\] .*(?:rejected by local_scan|Unrouteable address)
+
+# In versions >= 0.8.11 below strings defined in exim-common.conf
+
+host_info = H=([\w.-]+ )?(\(\S+\) )?\[\](:\d+)? (I=\[\S+\]:\d+ )?(U=\S+ )?(P=e?smtp )?
+pid = ( \[\d+\])?
+
+failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: Unrouteable address\s*$
+ ^%(pid)s \S+ F=(<>|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/debian/changelog b/debian/changelog
index adfb1dc9..4288ff1f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ fail2ban (0.8.6-3wheezy3) wheezy-security; urgency=high
 - CVE-2013-7177: cyrus-imap.conf - anchored on the front, and refactored to have a single failregex
 - couriersmtp.conf - anchored on both sides
+ - exim.conf - front-anchored versions picked up from exim.conf
+ and exim-spam.conf
 -- Yaroslav Halchenko Sun, 22 Jun 2014 11:56:54 -0400
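Review bot: The `.{0,256}$` bound on the second new failregex in the exim.conf hunk opens a silent detection gap that the front anchoring does not require: a `rejected by local_scan(): ` line whose trailing text runs past 256 characters (the message may echo client-supplied data) no longer matches, so no ban is issued. With the pattern already anchored at `^` and `.` unable to cross a line end, a trailing `.*$` is linear in Python's re and would close that gap; if the cap is kept on purpose, state it, e.g. `# trailing text capped at 256 chars; longer local_scan messages are not matched`. The added comment `# In versions >= 0.8.11 below strings defined in exim-common.conf` should tell a maintainer what that implies, e.g. `# host_info and pid duplicate exim-common.conf (fail2ban >= 0.8.11); keep both in sync`. `host_info` shows `\[\]` where fail2ban needs the `\[<HOST>\]` capture tag; this rendering may have stripped the tag, so confirm the committed file still carries it.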