> On 28.12.2023 at 20:29 Marco Moock via mailop wrote:
> >
> > On 28.12.2023 at 18:15:39, Tom Perrine via mailop wrote:
> >
> >> Has anyone detected or seen any evidence of SMTP smuggling in the
> >> wild?
> >>
> >> I'm trying to get an independent read on how quickly the bad actors
> >> have (or haven't) picked up on this, yet.
> >
> > According to the information I read, it affected some hosting solutions
> > at 1und1/IONOS, but that has been fixed.
>
> The vulnerability is not super critical, but it has been fixed only for a
> very small subset of affected systems. All kinds of MTAs from Postfix to
> Sendmail, Exim and various proprietary systems are affected and the
> vulnerability generally remains unfixed until the administrators adjust the
> configuration of their system.
> I haven't heard of any large scale exploitation in the past, but I imagine
> that spammers will include the technique in their toolset for the future.

It is critical because it involves the use of a system for unauthorized purposes -- namely, sending spam, distributing viruses and other malicious software, etc. This justifies classifying SMTP Smuggling as a "security" issue, which I regard as critical. There's also the underlying threat to a healthy mail system getting blacklisted, which also justifies classifying this as "critical" in my opinion.

> > Although, it needs to have certain circumstances, so the sending server
> > (for example a submission server for the customer) must accept it as one
> > message and the receiving server (e.g. the outgoing relay) must
> > interpret it as 2 messages and the 1st server needs to be allowed to
> > relay through the second one for the really bad attacks
> > (unauthenticated relaying).
>
> To exploit the issue, an email message needs to traverse two MTAs that treat
> the EOM marker differently. The MTAs do not need to be in a special trust
> relationship or allowed to relay to each other.

As I understand it, such techniques can be automated, which means that spamware could be created that takes advantage of the SMTP Smuggling exploit.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
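
An added illustration, not part of the original messages: a small Python check for the condition quoted above, where two parsers disagree on the end-of-message (EOM) marker. It flags any sequence in a captured DATA stream that a lenient parser would take as end-of-data but a strict RFC 5321 parser would not. The lenient pattern and the sample byte strings are constructed assumptions and do not model any specific MTA.

```python
import re

STRICT_EOM = b"\r\n.\r\n"  # RFC 5321 end-of-data: <CRLF>.<CRLF>
# Assumption: models a lenient receiver that also treats a bare LF or a
# bare CR as a line ending around the terminating dot.
LENIENT_EOM = re.compile(rb"(?:\r\n|\n|\r)\.(?:\r\n|\n|\r)")


def terminators(stream: bytes) -> list[tuple[int, bytes]]:
    """Every (offset, bytes) a lenient parser would accept as end-of-data."""
    return [(m.start(), m.group()) for m in LENIENT_EOM.finditer(stream)]


def nonstandard_eom(stream: bytes) -> list[tuple[int, bytes]]:
    """Terminators that a strict parser would NOT treat as end-of-data."""
    return [(off, seq) for off, seq in terminators(stream) if seq != STRICT_EOM]


def message_counts(stream: bytes) -> tuple[int, int]:
    """(messages seen by a strict parser, messages seen by a lenient one)."""
    return stream.count(STRICT_EOM), len(terminators(stream))


# Constructed samples of the bytes sent after DATA (body is dot-stuffed).
CLEAN = b"Subject: hi\r\n\r\nhello\r\n..dot-stuffed line\r\n.\r\n"
SUSPECT = b"Subject: hi\r\n\r\nfirst part\n.\nsecond part\r\n.\r\n"

if __name__ == "__main__":
    for name, stream in (("clean", CLEAN), ("suspect", SUSPECT)):
        strict, lenient = message_counts(stream)
        hits = nonstandard_eom(stream)
        verdict = "REJECT/QUARANTINE" if hits else "ok"
        print(f"{name}: strict={strict} lenient={lenient} {verdict} {hits}")
```

A stream with any non-standard terminator is one that two hops could split differently, so rejecting or normalising it at the first hop removes the disagreement.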