Happy new year.
I just stumbled upon this "novel technique for e-mail spoofing":
https://www.postfix.org/smtp-smuggling.html
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
https://media.ccc.de/v/37c3-11782-smtp_smuggling_spoofing_e-mails_worldwide
Given that among others Postfix, Sendmail and Exchange Online are/were
effected it raises the question whether OpenSMTPD is affected as well.
Can someone from the project comment on this?
Apparently the problem arrases if the server is lenient with the end of
data sequence
<CR><LF>.<CR><LF>
