[Reposted, as I din't see the response show up] CERT/CC reached out to Postfix developers. At no point were we made aware that there was a successful SPF spoofing attack that required the combination of TWO email services with SPECIFIC DIFFERENCES in the way they handle line endings other than <CR><LF>.
If we had been aware we would certainly have convinced SEC Consult to change their time schedule until after people had a chance to update their Postfix systems. Wietse _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org