> On 28.12.2023 at 20:29 Marco Moock via mailop wrote:
>
> On 28.12.2023 at 18:15:39, Tom Perrine via mailop wrote:
>
>> Has anyone detected or seen any evidence of SMTP smuggling in the
>> wild?
>>
>> I'm trying to get an independent read on how quickly the bad actors
>> have (or haven't) picked up on this, yet.
>
> According to the information I read, it affected some hosting solutions
> at 1und1/IONOS, but that has been fixed.

The vulnerability is not super critical, but it has been fixed only for a very small subset of affected systems. All kinds of MTAs from Postfix to Sendmail, Exim and various proprietary systems are affected and the vulnerability generally remains unfixed until the administrators adjust the configuration of their system. I haven't heard of any large-scale exploitation in the past, but I imagine that spammers will include the technique in their toolset for the future.

> Although, it needs to have certain circumstances, so the sending server
> (for example a submission server for the customer) must accept it as one
> message and the receiving server (e.g. the outgoing relay) must
> interpret it as 2 messages and the 1st server needs to be allowed to
> relay through the second one for the really bad attacks
> (unauthenticated relaying).

To exploit the issue, an email message needs to traverse two MTAs that treat the EOM marker differently. The MTAs do not need to be in a special trust relationship or allowed to relay to each other.

--
BR
Oliver

dmTECH GmbH
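
Added example, not part of the thread: a Python check that a mail operator could run over a captured DATA payload to find dot-lines that are not the RFC 5321 `<CR><LF>.<CR><LF>` end-of-data marker, which is where two MTAs can disagree about the EOM. The function names and both sample payloads are constructed for illustration.

```python
from __future__ import annotations
import re

# RFC 5321 end-of-data marker: <CR><LF>.<CR><LF>.
STANDARD_EOM = b"\r\n.\r\n"
# A lone dot between any two line breaks (CRLF, bare LF or bare CR).
DOT_LINE = re.compile(rb"(\r\n|\n|\r)\.(\r\n|\n|\r)")
# Bare LF (no CR before it) or bare CR (no LF after it).
BARE_BREAK = re.compile(rb"(?<!\r)\n|\r(?!\n)")


def ambiguous_eom(data: bytes) -> list[tuple[int, bytes]]:
    """Return (offset, sequence) for each dot-line that is not CRLF.CRLF."""
    hits, pos = [], 0
    while (m := DOT_LINE.search(data, pos)) is not None:
        if m.group(0) != STANDARD_EOM:
            hits.append((m.start(), m.group(0)))
        pos = m.start() + len(m.group(1))  # resume at the dot: catches overlaps
    return hits


def inspect_payload(data: bytes) -> dict:
    """Summarise what a strict and a lenient MTA could disagree about."""
    return {
        "ambiguous_eom": ambiguous_eom(data),
        "bare_line_breaks": len(BARE_BREAK.findall(data)),
    }


# Constructed sample payloads (message content before the real terminator).
CLEAN = b"Subject: hi\r\n\r\nline one\r\n..dot-stuffed line\r\nlast line\r\n"
SUSPECT = b"Subject: hi\r\n\r\nline one\r\n.\nmore text\n.\r\nend\r\n"

if __name__ == "__main__":
    for name, payload in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, inspect_payload(payload))
```

A payload with any `ambiguous_eom` hit is one that a strict MTA would forward as a single message while a lenient one might end the message at that offset.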