> ... and here is the EXIM EXPLOIT :
> https://github.com/RUB-NDS/alpaca-code/blob/master/exploits/smtp/02-exim.md
That's interesting because I expected a
503 no greeting received yet
if I throw a "mail from:..." to Exim before EHLO/HELO. But in the case the
address given is invalid it is indeed
On 09.06.21 at 22:03, Heiko Schlittermann via Exim-users wrote:
|smtp_max_synprot_errors|Use: main|Type: integer|Default: 3|
A small follow-up on my change of this config on a -> very low traffic
<- mail-server in less than 18h after activation:
2021-06-10 17:09:54 SMTP call from [134.122
On 11/06/2021 07:58, Cyborg via Exim-users wrote:
gnutls, libre and openssl also need time to offer api functions
GnuTLS and OpenSSL support ALPN already, in current versions.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http:
On 11.06.21 at 00:37, Jeremy Harris via Exim-users wrote:
On 10/06/2021 13:52, Cyborg via Exim-users wrote:
After reading the paper a bit closer, rejecting the entire connection
when an HTTP header line is detected,
seems to be the only valid option here, as long as ALPN isn't implemented
widely.
On 10/06/2021 13:52, Cyborg via Exim-users wrote:
After reading the paper a bit closer, rejecting the entire connection when an
HTTP header line is detected,
seems to be the only valid option here, as long as ALPN isn't implemented widely.
Do we need ACL-level visibility of a synprot-rejected line?
On 10.06.21 at 11:18, Jeremy Harris via Exim-users wrote:
It's beyond most script-kiddies, at least.
Email has no current standard for using ALPN; do we need one?
That is suggested as mitigation for this attack.
Exim does support SNI, which is also suggested (but only
used if explicitly config
On 09/06/2021 22:10, Cyborg via Exim-users wrote:
I'm trying to get more info about that attack vector from the German
universities which found it, and will make some tests if possible, so we see
what we actually have to defend against.
"The attacks, however, hinge on the prerequisite that t
On 09.06.21 at 22:03, Heiko Schlittermann via Exim-users wrote:
Cyborg via Exim-users (Wed 09 Jun 2021 21:13:43 CEST):
Don't get me wrong, exim is at the top of this "best of the worse" list,
because it stops after 3 retries, but other servers like proftpd have already
reacted to this by impleme
Cyborg via Exim-users (Wed 09 Jun 2021 21:13:43 CEST):
> Don't get me wrong, exim is at the top of this "best of the worse" list,
> because it stops after 3 retries, but other servers like proftpd have already
> reacted to this by implementing countermeasures. This can also be seen in
> the mentione
Context:
https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html?
See figure 1 right column line #2
--
A few weeks ago, I suggested to take care of these freaks, that redirect
HTTP requests to SMTP Ports,
spamming logs and wasting valuable hamstertime.
As it look