Geert Hendrickx via Postfix-users:
> On Sat, Dec 23, 2023 at 18:09:10 -0500, Wietse Venema via Postfix-users wrote:
> > Note that only the encapsulating message can contain a DKIM signature
> > by the authenticated sender's domain. The smuggled message caannot
> > contain a DKIM signature by the impersonated sender's domain unless
> > the attacker compromised their signing key.
>
> Or unless the DKIM signing is performed by a next-hop SMTP layer (or SMTP
> proxy) within the sending organisation, and this one also interprets the
> smuggled message as a separate one.
Here is another scenario.
Suppose that the DKIM signature verification happens at the receiving
perimeter MTA. That is, the 'whole' message signature is verified
and attested to, before the message is passed on to an internal
system that interprets the smuggled message as a separate one.
In that case, the smuggled message will have bypased not only the DKIM
and SPF checks at the receiving MTA, but also the open relay checks.
That is, the smuggled message can have any recipient anywhere on
the Internet, and it may even be DKIM signed on the way out if it
has the right envelope.From and mail.From.
This smuggling needs to be explored further.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
