[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-29 Thread natan via Postfix-users
Hi A good idea in my opinion,  additionally add reject_sender_login_mismatch with maps (u...@domain.ltd user@domainltd) smtpd_sender_restrictions =     ...     reject_sender_login_mismatch,     ...     reject_unauth_pipelining, Than only reject_unauth_pipelining smtpd_data_restrictions =

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Thu, Dec 21, 2023 at 04:29:20PM -0500, Wietse Venema via Postfix-users > wrote: > > > > > https://gitlab.com/ohisee/block-shodan-stretchoid-census > > > > > > I feel no particular urge to block them. > > > > They apparently flag a lot more Postfix MTAs

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 21, 2023 at 04:29:20PM -0500, Wietse Venema via Postfix-users wrote: > > > https://gitlab.com/ohisee/block-shodan-stretchoid-census > > > > I feel no particular urge to block them. > > They apparently flag a lot more Postfix MTAs than Exim ones. By "flag" you mean count instances

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Thu, Dec 21, 2023 at 03:08:57PM -0500, pgnd via Postfix-users wrote: > > > > This even includes "shodan" looking > > > > ugh. shodan. > > > > this can help a bit > > > > https://gitlab.com/ohisee/block-shodan-stretchoid-census > > I feel no particular

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 21, 2023 at 03:08:57PM -0500, pgnd via Postfix-users wrote: > > This even includes "shodan" looking > > ugh. shodan. > > this can help a bit > > https://gitlab.com/ohisee/block-shodan-stretchoid-census I feel no particular urge to block them. -- Viktor.

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 21, 2023 at 02:17:34PM -0500, Wietse Venema via Postfix-users wrote: > Kim Sindalsen via Postfix-users: > > I'm reading that either " smtpd_data_restrictions = > > reject_unauth_pipelining" or "smtpd_forbid_unauth_pipelining = yes" should > > *work* for shor-term workaround, right? >

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Wietse Venema via Postfix-users
Kim Sindalsen via Postfix-users: > I'm reading that either " smtpd_data_restrictions = > reject_unauth_pipelining" or "smtpd_forbid_unauth_pipelining = yes" should > *work* for shor-term workaround, right? They look for the same thing but at different times. > I've had data-restrictions for

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Kim Sindalsen via Postfix-users
> -Original Message- > From: Wietse Venema via Postfix-announce > Sent: 21. december 2023 13:52 > To: Postfix announce > Cc: Postfix users > Subject: [pfx-ann] SMTP Smuggling, workarounds and fix > > SHORT-TERM WORKAROUNDS > > A short-term workaround can be deployed now, before the