> > On 28.12.2023 at 20:29 Marco Moock via mailop wrote:
> >
> > On 28.12.2023 at 18:15:39, Tom Perrine via mailop wrote:
> >
> >> Has anyone detected or seen any evidence of SMTP smuggling in the
> >> wild?
> >>
>> I'm trying to get an independent read on how quickly the bad actors
>> have (or haven't) picked up on this, yet.
> >
> > According to the information I read, it affected some hosting solutions
> > at 1und1/IONOS, but that has been fixed.
> 
> The vulnerability is not super critical, but it has been fixed only for a 
> very small subset of affected systems. All kinds of MTAs from Postfix to 
> Sendmail, Exim and various proprietary systems are affected and the 
> vulnerability generally remains unfixed until the administrators adjust the 
> configuration of their system.
> I haven't heard of any large scale exploitation in the past, but I imagine 
> that spammers will include the technique in their toolset for the future.

        It is critical because it involves the use of a system for 
unauthorized purposes -- namely, sending spam, distributing viruses 
and other malicious software, etc.  This justifies classifying SMTP 
Smuggling as a "security" issue, which I regard as critical.

        There's also the underlying threat to a healthy mail system getting 
blacklisted, which also justifies classifying this as "critical" in 
my opinion.

> > Although, it needs to have certain circumstances, so the sending server
> > (for example a submission server for the customer) must accept it as one
> > message and the receiving server (e.g. the outgoing relay) must
> > interpret it as 2 messages and the 1st server needs to be allowed to
> > relay through the second one for the really bad attacks
> > (unauthenticated relaying).
> 
> To exploit the issue, an email message needs to traverse two MTAs that treat 
> the EOM marker differently. The MTAs do not need to be in a special trust 
> relationship or allowed to relay to each other.

        As I understand it, such techniques can be automated, which means 
that spamware could be created that takes advantage of the SMTP 
Smuggling exploit.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
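
Added example (not part of the original message or of any MTA's code): a defender-side check for the condition described in the thread, two MTAs treating the EOM marker differently. It compares the RFC 5321 end-of-data marker (CRLF "." CRLF) against an assumed lenient parser model that also accepts bare LF or bare CR as line endings; the function names and sample messages are constructed for illustration.

```python
import re

# RFC 5321 end-of-data marker: a line holding only "." with CRLF on both sides.
STRICT_EOM = re.compile(rb"\r\n\.\r\n")
# Assumed model of a lenient receiver: bare LF or bare CR also ends a line.
# This is an illustration, not the behaviour of any specific MTA.
LENIENT_EOM = re.compile(rb"(?:\r\n|\n|\r)\.(?:\r\n|\n|\r)")


def end_of_message(stream, pattern):
    """Return the offset just past the first end-of-data marker, or -1."""
    match = pattern.search(stream)
    return match.end() if match else -1


def parsers_disagree(stream):
    """True when the strict and lenient models end the message at different offsets."""
    return end_of_message(stream, STRICT_EOM) != end_of_message(stream, LENIENT_EOM)


def suspicious_dot_lines(stream):
    """Offsets of lone-dot lines that are not delimited by CRLF on both sides."""
    return [m.start() for m in LENIENT_EOM.finditer(stream)
            if m.group(0) != b"\r\n.\r\n"]


# Constructed sample DATA payloads (no real traffic).
CLEAN = b"Subject: hi\r\n\r\nhello\r\n.\r\n"
ODD = b"Subject: hi\r\n\r\nhello\n.\ntrailing bytes\r\n.\r\n"

if __name__ == "__main__":
    for name, payload in (("clean", CLEAN), ("odd", ODD)):
        print(name,
              "disagree=%s" % parsers_disagree(payload),
              "strict_end=%d" % end_of_message(payload, STRICT_EOM),
              "lenient_end=%d" % end_of_message(payload, LENIENT_EOM),
              "suspicious_offsets=%s" % suspicious_dot_lines(payload))
```

A filter or log scanner can reject or flag any payload for which `suspicious_dot_lines` is non-empty, since a standards-conforming sender never produces a lone-dot line with bare LF or bare CR endings.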
