On 21/12/23 09:20, Herbert J. Skuhra via Postfix-devel wrote:
On Wed, Dec 20, 2023 at 09:12:47PM +0100, John D'Orazio via Postfix-devel wrote:
Please excuse me if this has been asked before, but I haven't found any
information in the archives or on the postfix github repo. I recently
encountered on a server of my own a case of SMTP smuggling. I was befuddled
by the fact that I received a message which appeared to be coming from my
own email address, even though from the headers I could see that the true
actor was sending from an IP address from another country. And yet the
email passed SPF and DKIM!
I'm now seeing a lot of articles popping up on the web about SMTP
smuggling, and this seems to be exactly what happened in this case.
See for example:
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
I won't post all the links because a simple Google search will bring up
many results from one day ago or a few hours ago, it seems to be a hot
topic now. It seems that Exchange servers have fixed the vulnerability in
October 2023, from what I'm reading online. However some articles I have
read are saying that Postfix is vulnerable to these kinds of attacks.
Does anyone have any information on how to mitigate these attacks? Is a
patch to Postfix feasible to protect against this vulnerability? Has a
patch already been put in place?
https://www.mail-archive.com/postfix-users@postfix.org/msg100858.html
https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html
...and https://www.postfix.org/smtp-smuggling.html
Peter
_______________________________________________
Postfix-devel mailing list -- postfix-devel@postfix.org
To unsubscribe send an email to postfix-devel-le...@postfix.org
