Please excuse me if this has been asked before, but I haven't found any information in the archives or on the postfix github repo. I recently encountered on a server of my own a case of SMTP smuggling. I was befuddled by the fact that I received a message which appeared to be coming from my own email address, even though from the headers I could see that the true actor was sending from an IP address from another country. And yet the email passed SPF and DKIM!
I'm now seeing a lot of articles popping up on the web about SMTP smuggling, and this seems to be exactly what happened in this case. See for example: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ I won't post all the links because a simple Google search will bring up many results from one day ago or a few hours ago, it seems to be a hot topic now. It seems that Exchange servers have fixed the vulnerability in October 2023, from what I'm reading online. However some articles I have read are saying that Postfix is vulnerable to these kinds of attacks. Does anyone have any information on how to mitigate these attacks? Is a patch to Postfix feasible to protect against this vulnerability? Has a patch already been put in place?
_______________________________________________ Postfix-devel mailing list -- postfix-devel@postfix.org To unsubscribe send an email to postfix-devel-le...@postfix.org
