https://www.postfix.org/smtp-smuggling.html
"SMTP Smuggling" vulnerability in Postfix allows to spoof senders even in the presence of some DMARC checks. Configuration workarounds exist.
Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.
Boosts for awareness welcome.
Jonas Schäfer /
npub1t4…a997p
2023-12-21 14:51:48
Author Public Key
npub1t4ulu9h7ekwel4eweelmtuzzpl7veq3dtyu4q63hw839fjf8mh5s6a997pPublished at
2023-12-21 14:51:48Event JSON
{
"id": "9e3c257c82fbaae1e9df59d60f03a75eb45a1b9759b0ccd6c3bc849ad09c9a05",
"pubkey": "5d79fe16fecd9d9fd72ece7fb5f0420ffccc822d5939506a3771e254c927dde9",
"created_at": 1703170308,
"kind": 1,
"tags": [
[
"proxy",
"https://zombofant.net/users/jssfr/statuses/111618969359339789",
"activitypub"
]
],
"content": "https://www.postfix.org/smtp-smuggling.html\n\n\"SMTP Smuggling\" vulnerability in Postfix allows to spoof senders even in the presence of some DMARC checks. Configuration workarounds exist.\n\nAlso, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.\n\nBoosts for awareness welcome.",
"sig": "14031ff5d07766fe680a68480d9553d273cc2c1468b3b82354078a5954ba5c42d4033125c7d3940a589dcfcf825aa8c8da4ce3b67d8b64fabe2ce074c5a24f26"
}