On 1 January 2024 at 19:38:08 UTC, Marco Moock via mailop 
<mailop@mailop.org> wrote:
>Am 01.01.2024 um 17:58:47 Uhr schrieb Gellner, Oliver via mailop:
>
>> To exploit the issue, an email message needs to traverse two MTAs
>> that treat the EOM marker differently. The MTAs do not need to be in
>> a special trust relationship or allowed to relay to each other.
>
>Sorry for the second reply, but how does this work?
>
>
>Assumption:
>2nd MTA doesn't allow MX to relay through it.
>
>If the MX ignores LF and a second intra-site MTA acknowledges it, it
>would reply with "Relaying denied" if the recipient address of the
>second mail is not local (Cw) or is allowed to be relayed through that
>MTA in any other way (e.g. access db To:j...@example.org RELAY).
>
>Please explain to me how unauthenticated relaying works here.
>I am aware that this creates a bounce and can be used for backscatter
>(without checking DKIM nor SPF because MX sees only one message

Consider having 2 MTAs: the first one receives messages from the public
net and does all checks, then delivers to the second MTA for final
delivery. Thus, the second MTA doesn't need to check that again; it
trusts the first one and just does final delivery. If both treat end of
DATA differently, the first can see only one message (thus does only
one check), but the second MTA sees two (or even more) messages, and
trusts the first MTA's checks, thus just delivers them all. No SPF
nor DMARC checks happen on the smuggled message(s).

Or vice versa. The first is an MSA, which checks that the sender (MAIL FROM)
is allowed for that (authenticated) user and, if yes, allows relaying
that (one) message, but the confused receiver will again see two
(or more) messages. The smuggled message can thus bypass sender
checking on the MSA, and if the smuggled message uses another domain
hosted on the same system, its SPF will pass, and thus its DMARC
will pass...

regards


-- 
Slavko
https://www.slavino.sk/
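As an added illustration of the point above (not code from the thread or from any MTA): the check an inbound hop can run on a DATA stream before handing it to a hop that may parse end-of-DATA more leniently. It splits the same bytes the way a strict RFC 5321 parser (only <CRLF>.<CRLF>) and a lenient parser (bare LF/CR variants too) would, and reports terminators only the lenient parser honours. The sample stream, the address and the regex names are constructed for the example.

```python
import re

# RFC 5321 end-of-DATA is exactly <CRLF>.<CRLF>. The lenient pattern also
# accepts bare-LF, bare-CR and mixed variants that some MTAs have honoured.
# Because a sender dot-stuffs any body line that is just ".", a newline-dot-
# newline sequence inside DATA is never legitimate content.
STRICT_EOM = re.compile(rb"\r\n\.\r\n")
LENIENT_EOM = re.compile(rb"(?:\r\n|\n|\r)\.(?:\r\n|\n|\r)")


def split_messages(stream: bytes, eom: re.Pattern) -> list[bytes]:
    """Messages a parser that uses `eom` as its end-of-DATA marker would see."""
    return [m for m in eom.split(stream) if m.strip(b"\r\n")]


def ambiguous_eom_offsets(stream: bytes) -> list[int]:
    """Byte offsets of terminators a lenient parser accepts but a strict one
    does not. A first hop should reject (or normalise) DATA containing any,
    since a downstream hop may otherwise see extra messages it never checked."""
    strict_starts = {m.start() for m in STRICT_EOM.finditer(stream)}
    return [m.start() for m in LENIENT_EOM.finditer(stream)
            if m.start() not in strict_starts]


# Constructed sample: one message as a strict parser sees it, containing a
# bare-LF terminator followed by a second header block.
SAMPLE = (
    b"From: alice@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: status\r\n"
    b"\r\n"
    b"All good here.\n"
    b".\n"                                  # bare-LF "terminator"
    b"From: ceo@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: urgent\r\n"
    b"\r\n"
    b"Second message, never checked by the first hop.\r\n"
    b".\r\n"                                # the real <CRLF>.<CRLF>
)


def inbound_verdict(stream: bytes) -> dict:
    """Summary an inbound hop could log or act on before relaying DATA."""
    return {
        "strict_count": len(split_messages(stream, STRICT_EOM)),
        "lenient_count": len(split_messages(stream, LENIENT_EOM)),
        "ambiguous_eom": ambiguous_eom_offsets(stream),
    }


if __name__ == "__main__":
    print(inbound_verdict(SAMPLE))
```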