Geert Hendrickx via Postfix-users: > On Sat, Dec 23, 2023 at 18:09:10 -0500, Wietse Venema via Postfix-users wrote: > > Note that only the encapsulating message can contain a DKIM signature > > by the authenticated sender's domain. The smuggled message caannot > > contain a DKIM signature by the impersonated sender's domain unless > > the attacker compromised their signing key. > > Or unless the DKIM signing is performed by a next-hop SMTP layer (or SMTP > proxy) within the sending organisation, and this one also interprets the > smuggled message as a separate one.
Here is another scenario. Suppose that the DKIM signature verification happens at the receiving perimeter MTA. That is, the 'whole' message signature is verified and attested to, before the message is passed on to an internal system that interprets the smuggled message as a separate one. In that case, the smuggled message will have bypased not only the DKIM and SPF checks at the receiving MTA, but also the open relay checks. That is, the smuggled message can have any recipient anywhere on the Internet, and it may even be DKIM signed on the way out if it has the right envelope.From and mail.From. This smuggling needs to be explored further. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org