Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-05 Thread Stefan Hajnoczi
Hi Jakob,
Thanks for sharing the RFC 7505 Null MX and SPF TXT DNS record info.
Thomas Huth pointed out this email thread to me and domain names
belonging to the QEMU project have been updated to prevent email
spoofing.

Stefan




Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-03 Thread Jakob Bohm

On 2020-11-03 16:09, Peter Maydell wrote:
> On Tue, 3 Nov 2020 at 14:23, Jakob Bohm wrote:
> >
> > I just checked, the project admins still haven't fixed the qemu.org DNS as
> > per best practice (see my previous mail).
>
> qemu.org doesn't run a mail service anyway -- there are no
> qemu.org email addresses.

Best current practice is to have DNS records telling potential mail
recipients that no email addresses exist for a domain.

This is a side effect of the ancient rule that any A record functions
as an implicit delivery point for incoming mail, making it formally
valid to send mail from any DNS domain name with an IP address.

The current way of doing that is to add the following records:

    MX 0 .
    TXT "v=spf1 -all"

Older software will recognize that TXT record as a request to reject
SMTP connections with HELO or MAIL FROM specifying the DNS name,
while the "MX 0 ." record is from a newer specification.

As prohibited by DNS, these records are not needed for a DNS name
that points to a CNAME, such as "www.qemu.org".

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded




Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-03 Thread Peter Maydell
On Tue, 3 Nov 2020 at 14:23, Jakob Bohm  wrote:
>
> I just checked, the project admins still haven't fixed the qemu.org DNS as 
> per best practice (see my previous mail).

qemu.org doesn't run a mail service anyway -- there are no
qemu.org email addresses.

thanks
-- PMM



Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-03 Thread Jakob Bohm
I just checked, the project admins still haven't fixed the qemu.org DNS 
as per best practice (see my previous mail).


On 2020-11-03 01:09, Atik Islam wrote:
> Hi There
> any update ?
> Thanks
>
> On Fri, Mar 20, 2020 at 2:40 AM Atik Islam wrote:
> >
> > Hi,
> > Severity : High.
> > Introduction:
> > There is an email spoofing vulnerability. Email spoofing is the
> > forgery of an email header so that the message appears to have
> > originated from someone or somewhere other than the actual source.
> > Email spoofing is a tactic used in phishing and spam campaigns
> > because people are more likely to open an email when they think it
> > has been sent by a legitimate source. The goal of email spoofing
> > is to get recipients to open, and possibly even respond to, a
> > solicitation.
> >
> > Steps to Reproduce:
> >
> > 1. Go to http://www.kitterman.com/spf/validate.html
> > 2. Enter domain name: www.qemu.org and click
> > spf record if any under "Does my domain already have an SPF
> > record? What is it? Is it valid?"
> > 3. You will see that no valid spf protection.
> > 4. So that's why I try to send email using qemu-discuss@nongnu.org
> > and I was successfully delivered
> > the message to my email address.
> >
> > In addition to above checking,
> >
> > I used https://emkei.cz/ and sent a test mail
> > using www.qemu.org domain which was delivered successfully. This
> > further confirms that the emails spoofed.
> >
> > Impact
> > An attacker would send a fake email. The results can be more
> > dangerous.





Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-11-02 Thread Atik Islam
Hi There
 any update ?
 Thanks


On Fri, Mar 20, 2020 at 2:40 AM Atik Islam  wrote:

>
> Hi,
> Severity : High.
> Introduction:
> There is an email spoofing vulnerability. Email spoofing is the forgery of
> an email header so that the message appears to have originated from someone
> or somewhere other than the actual source. Email spoofing is a tactic used
> in phishing and spam campaigns because people are more likely to open an
> email when they think it has been sent by a legitimate source. The goal of
> email spoofing is to get recipients to open, and possibly even respond to,
> a solicitation.
>
> Steps to Reproduce:
>
> 1. Go to http://www.kitterman.com/spf/validate.html
> 2. Enter domain name: www.qemu.org and click spf record if any under "Does
> my domain already have an SPF record? What is it? Is it valid?"
> 3. You will see that no valid spf protection.
> 4. So that's why I try to send email using qemu-discuss@nongnu.org and I was
> successfully delivered the message to my email address.
>
> In addition to above checking,
>
> I used https://emkei.cz/ and sent a test mail using www.qemu.org domain
> which was delivered successfully. This further confirms that the emails
> spoofed.
>
> Impact
> An attacker would send a fake email. The results can be more dangerous.
>


Re: BUG:No Valid SPF Record Leading to Email Spoofing.

2020-03-20 Thread Jakob Bohm

Clarification:  Both qemu.org and www.qemu.org need (but lack) SPF records.

Steps to reproduce:
$ host -t TXT qemu.org
qemu.org has no TXT record
$ host -t TXT www.qemu.org
www.qemu.org is an alias for qemu.org.

Expected output (if no @qemu.org e-mail addresses):
$ host -t TXT qemu.org
qemu.org descriptive text "v=spf1 -all"
$ host -t TXT www.qemu.org
www.qemu.org is an alias for qemu.org.

On 19/03/2020 21:40, Atik Islam wrote:
>
> Hi,
> Severity : High.
> Introduction:
> There is an email spoofing vulnerability. Email spoofing is the forgery
> of an email header so that the message appears to have originated from
> someone or somewhere other than the actual source. Email spoofing is a
> tactic used in phishing and spam campaigns because people are more
> likely to open an email when they think it has been sent by a
> legitimate source. The goal of email spoofing is to get recipients to
> open, and possibly even respond to, a solicitation.
>
> Steps to Reproduce:
>
> 1. Go to http://www.kitterman.com/spf/validate.html
> 2. Enter domain name: www.qemu.org and click spf
> record if any under "Does my domain already have an SPF record? What
> is it? Is it valid?"
> 3. You will see that no valid spf protection.
> 4. So that's why I try to send email using qemu-discuss@nongnu.org
> and I was successfully delivered the
> message to my email address.
>
> In addition to above checking,
>
> I used https://emkei.cz/ and sent a test mail using www.qemu.org domain
> which was delivered successfully. This further confirms that the emails
> spoofed.
>
> Impact
> An attacker would send a fake email. The results can be more dangerous.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
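
The `host -t TXT` check in the message above, together with the `MX 0 .` and `v=spf1 -all` records recommended in the 2020-11-03 reply, can be turned into a repeatable audit. This is an added example, not part of the thread: the function names and verdict strings are hypothetical, and the sample `host` output is constructed.

```shell
#!/bin/sh
# Added example (hypothetical function names): grade `host` output for a no-mail domain.

# stdin: output of `host -t TXT <domain>`
# prints: reject-all | other-policy | multiple | missing
classify_spf() {
    awk '
        /descriptive text "v=spf1[ "]/ {
            n++
            if ($0 ~ /descriptive text "v=spf1 -all"[ \t]*$/) strict++
        }
        END {
            if (n > 1)       print "multiple"   # RFC 7208: permerror
            else if (strict) print "reject-all"
            else if (n == 1) print "other-policy"
            else             print "missing"
        }'
}

# stdin: output of `host -t MX <domain>`
# prints: null-mx | accepts-mail | implicit
classify_mx() {
    awk '
        / mail is handled by / {
            n++
            if ($(NF-1) == "0" && $NF == ".") nullmx++
        }
        END {
            # RFC 7505: a null MX must be the only MX record
            if (n == 1 && nullmx == 1) print "null-mx"
            else if (n > 0)            print "accepts-mail"
            else                       print "implicit"  # A/AAAA fallback
        }'
}

# audit_nomail TXT_OUTPUT MX_OUTPUT -> prints "ok" or "fix: spf=... mx=..."
audit_nomail() {
    spf=$(printf '%s\n' "$1" | classify_spf)
    mx=$(printf '%s\n' "$2" | classify_mx)
    if [ "$spf" = reject-all ] && [ "$mx" = null-mx ]; then
        echo "ok"
    else
        echo "fix: spf=$spf mx=$mx"
    fi
}

# Constructed sample output (not captured from a real lookup):
audit_nomail 'example.org has no TXT record' 'example.org has no MX record'
audit_nomail 'example.org descriptive text "v=spf1 -all"' 'example.org mail is handled by 0 .'
```

Against a live domain, pass the real lookups instead: `audit_nomail "$(host -t TXT qemu.org)" "$(host -t MX qemu.org)"`.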