On 01.01.2024 at 20:25:54, Slavko via mailop wrote:

> On 1 January 2024 at 19:38:08 UTC, Marco Moock via mailop
> <mailop@mailop.org> wrote:
> >On 01.01.2024 at 17:58:47, Gellner, Oliver via mailop wrote:
> >  
> >> To exploit the issue, an email message needs to traverse two MTAs
> >> that treat the EOM marker differently. The MTAs do not need to be
> >> in a special trust relationship or allowed to relay to each other.
> >>  
> >  
> 
> >Sorry for the second reply, but how does this work?
> >
> >
> >Assumption:
> >2nd MTA doesn't allow MX to relay through it.
> >
> >If the MX ignores LF and a second intra-site MTA acknowledges it, it
> >would reply with "Relaying denied" if the recipient address of the
> >second mail is not local (Cw) or is allowed to be relayed through
> >that MTA in any other way (e.g. access db To:j...@example.org RELAY).
> >
> >Please explain to me how unauthenticated relaying works here.
> >I am aware that this creates a bounce and can be used for backscatter
> >(without checking DKIM nor SPF because MX sees only one message  
> 
> Consider having 2 MTAs: the first one receives a message from the
> public net, does all checks and then delivers it to the second MTA
> for final delivery. Thus, the second MTA doesn't need to check that
> again, trusts the first one and just does final delivery. If both
> treat the end of DATA differently, the first can see only one message
> (thus does only one check), but the second MTA sees two (or even more)
> messages, but trusts the first MTA's checks, thus just delivers them
> all. No SPF or DMARC checks happen with the smuggled message(s).

True, although that can be used to send mail to local mailboxes only.
To relay to an external sender, MX must be allowed to relay via the
final destination MTA.
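
The two-MTA disagreement discussed in this thread, viewed from the first hop that performs the SPF/DMARC checks, as an added example that is not part of the original messages. The tolerant end-of-data pattern is an assumed model, not any particular MTA's parser, and the byte strings are constructed sample input.

```python
import re

# RFC 5321: only <CRLF>.<CRLF> terminates DATA.
STRICT_EOM = re.compile(rb"\r\n\.\r\n")
# Assumed model of a tolerant receiver: bare LF or bare CR also counts
# as a line ending around the lone dot. Not any specific MTA's parser.
LENIENT_EOM = re.compile(rb"(?:\r\n|\n|\r)\.(?:\r\n|\n|\r)")


def messages_seen(stream: bytes, eom: re.Pattern) -> int:
    """Number of end-of-data markers, i.e. messages, a parser would see."""
    return len(eom.findall(stream))


def ambiguous_eom_offsets(stream: bytes) -> list[int]:
    """Offsets of dot lines that only a tolerant parser treats as EOM."""
    return [m.start() for m in LENIENT_EOM.finditer(stream)
            if m.group() != b"\r\n.\r\n"]


def first_hop_verdict(stream: bytes) -> str:
    """Policy for the MTA that does the SPF/DMARC checks: refuse anything
    the next hop could split differently."""
    return "reject" if ambiguous_eom_offsets(stream) else "accept"


# Constructed DATA streams (sample input, not captured traffic).
CLEAN = b"Subject: hi\r\n\r\nbody\r\n.\r\n"
SUSPECT = b"Subject: hi\r\n\r\nfirst part\n.\nsecond part\r\n.\r\n"

if __name__ == "__main__":
    for name, s in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, messages_seen(s, STRICT_EOM),
              messages_seen(s, LENIENT_EOM), first_hop_verdict(s))
```

When the strict and tolerant counts differ, the checking MTA has vetted fewer messages than the next hop will deliver, which is why the first hop should refuse the stream.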