[Reposted, as I din't see the response show up]

CERT/CC reached out to Postfix developers. At no point were we made
aware that there was a successful SPF spoofing attack that required
the combination of TWO email services with SPECIFIC DIFFERENCES in
the way they handle line endings other than <CR><LF>.

If we had been aware we would certainly have convinced SEC Consult
to change their time schedule until after people had a chance to
update their Postfix systems.  

        Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to