On Mon 01 Jan 2024, Thomas Bohl wrote: > > I just stumbled upon this "novel technique for e-mail spoofing": > https://www.postfix.org/smtp-smuggling.html > https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ > https://media.ccc.de/v/37c3-11782-smtp_smuggling_spoofing_e-mails_worldwide > > Given that among others Postfix, Sendmail and Exchange Online are/were > effected it raises the question whether OpenSMTPD is affected as well. > > Can someone from the project comment on this? > > Apparently the problem arrases if the server is lenient with the end > of data sequence > <CR><LF>.<CR><LF>
https://marc.info/?l=openbsd-tech&m=170306668710940&w=2