[mailop] Zero-day RCE for exim - whacky stats?

[Jay R. Ashworth via mailop]

I haven't even heard exim *mentioned* in like 20 years; these stats can't be
right, can they?

https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/

Hat tip: Lauren @ Privacy

Cheers,
-- jra

-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft announces DANE for Exchange Online Inbound starting next year

[Andrew C Aitchison via mailop]

On Fri, 29 Sep 2023, Philip Paeps via mailop wrote:


On 2023-09-28 03:13:27 (+0800), Mike Hillyer via mailop wrote:
Breaking news, Microsoft is pulling the trigger on DANE next year: 
Implementing Inbound SMTP DANE with DNSSEC for Exchange Online Mail Flow


This is good news.  Hopefully this will encourage more organisations to 
finally enable DNSSEC (and DANE).



Much agreed.

Also, it appears that it will come with a naming change for MX records, 
with mx.microsoft being the new root, so it will need to be used/added to 
traffic shaping rulesets along with mail.protection.outlook.com


Interesting that they're putting this in an entirely new TLD.  I can imagine 
several reasons why signing microsoft.com or outlook.com would be 
impractical, but I'm slightly surprised they're not using a new domain in a 
well-known generic TLD.


They may have been planning this tld for a while. whois says:
status:   ACTIVE
remarks:  Registration information: http://www.microsoft.com
created:  2015-04-30
changed:  2023-09-27

I bet a common misconfiguration will be admins automatically typing .com 
after .microsoft. :-)


... and vice versa.

--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop