Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Jaroslaw Rafa via mailop
On 1.01.2024 at 23:10:22 Jaroslaw Rafa via mailop wrote: > > This is basically equal to the new configuration setting > "smtpd_forbid_unauth_pipelining = no" which is a default for Postfix > versions >= 3.9. Sorry, of course I made a mistake here. I meant "smtpd_forbid_unauth_pipelining

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Slavko via mailop
On 1 January 2024 21:31:19 UTC, user Marco Moock via mailop wrote: >True, although, that can be used to send mail to local mailboxes only. >To relay to an external sender, MX must be allowed to relay via the >final destination MTA. I will consider that by "relay to an external sender"

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Jaroslaw Rafa via mailop
On 1.01.2024 at 21:53:59 Gellner, Oliver via mailop wrote: > > Yes, but as with Postfix the update alone does not fix the vulnerability. > You have to additionally change the config as instructed. The vendors and > distributions don’t do this automatically as this changes the behavior of

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Gellner, Oliver via mailop
On 01.01.2024 at 20:38 Marco Moock wrote: On 01.01.2024 at 17:58:47 Gellner, Oliver via mailop wrote: To exploit the issue, an email message needs to traverse two MTAs that treat the EOM marker differently. The MTAs do not need to be in a special trust relationship or allowed to relay to

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Marco Moock via mailop
On 01.01.2024 at 20:25:54 Slavko via mailop wrote: > On 1 January 2024 19:38:08 UTC, user Marco Moock via mailop > wrote: > >On 01.01.2024 at 17:58:47 Gellner, Oliver via mailop wrote: > > > >> To exploit the issue, an email message needs to traverse two MTAs > >> that

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Marco Moock via mailop
On 01.01.2024 at 15:56:02 John Covici via mailop wrote: > Thanks much -- that version is not in my repository yet, but I will > keep an eye out for it. That is a snapshot - a release for testing - and such releases are normally not in the normal repos of the distributions. I dunno when

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread John Covici via mailop
Thanks much -- that version is not in my repository yet, but I will keep an eye out for it. On Mon, 01 Jan 2024 13:53:57 -0500, ml+mailop--- via mailop wrote: > > On Mon, Jan 01, 2024, John Covici via mailop wrote: > > I use sendmail 8.17.1.9 under gentoo -- any patch for that one to fix this?

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Slavko via mailop
On 1 January 2024 19:38:08 UTC, user Marco Moock via mailop wrote: >On 01.01.2024 at 17:58:47 Gellner, Oliver via mailop wrote: > >> To exploit the issue, an email message needs to traverse two MTAs >> that treat the EOM marker differently. The MTAs do not need to be in >> a

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Andreas S. Kerber via mailop
On Mon, Jan 01, 2024 at 06:53:57PM + ml+mailop--- via mailop wrote: > > I use sendmail 8.17.1.9 under gentoo -- any patch for that one to fix this? > > Upgrade to 8.18.0.2,: Additionally needs "Srv_Features: o" for sendmail to only accept CR LF . CR LF as end of an SMTP message.

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Marco Moock via mailop
On 01.01.2024 at 10:17:25 Randolf Richardson, Postmaster via mailop wrote: > > > On 28.12.2023 at 20:29 Marco Moock via mailop wrote: > > > > > > On 28.12.2023 at 18:15:39 Tom Perrine via mailop wrote: > > > > > >> Has anyone detected or seen any evidence of SMTP smuggling in the >

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Marco Moock via mailop
On 01.01.2024 at 17:58:47 Gellner, Oliver via mailop wrote: > To exploit the issue, an email message needs to traverse two MTAs > that treat the EOM marker differently. The MTAs do not need to be in > a special trust relationship or allowed to relay to each other. Sorry for the second

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Marco Moock via mailop
On 01.01.2024 at 17:58:47 Gellner, Oliver via mailop wrote: > The vulnerability is not super critical, but it has been fixed only > for a very small subset of affected systems. All kind of MTAs from > Postfix to Sendmail, Exim and various proprietary systems are > affected and the

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread ml+mailop--- via mailop
On Mon, Jan 01, 2024, John Covici via mailop wrote: > I use sendmail 8.17.1.9 under gentoo -- any patch for that one to fix this? Upgrade to 8.18.0.2,: https://ftp.sendmail.org/snapshots/sendmail.8.18.0.2.tar.gz https://ftp.sendmail.org/snapshots/sendmail.8.18.0.2.tar.gz.sig

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread John Covici via mailop
I use sendmail 8.17.1.9 under gentoo -- any patch for that one to fix this? On Mon, 01 Jan 2024 12:58:47 -0500, Gellner, Oliver via mailop wrote: > > > > On 28.12.2023 at 20:29 Marco Moock via mailop wrote: > > > > On 28.12.2023 at 18:15:39 Tom Perrine via mailop wrote: > > > >> Has

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Randolf Richardson, Postmaster via mailop
> > On 28.12.2023 at 20:29 Marco Moock via mailop wrote: > > > > On 28.12.2023 at 18:15:39 Tom Perrine via mailop wrote: > > > >> Has anyone detected or seen any evidence of SMTP smuggling in the > >> wild? > >> > >> I’m trying to get an independent read on how quickly the bad actors > >>

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2024-01-01 Thread Gellner, Oliver via mailop
> On 28.12.2023 at 20:29 Marco Moock via mailop wrote: > > On 28.12.2023 at 18:15:39 Tom Perrine via mailop wrote: > >> Has anyone detected or seen any evidence of SMTP smuggling in the >> wild? >> >> I’m trying to get an independent read on how quickly the bad actors >> have (or haven’t)

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2023-12-28 Thread A. Schulze via mailop
On 28.12.23 at 19:15 Tom Perrine via mailop wrote: Has anyone detected or seen any evidence of SMTP smuggling in the wild? I’m trying to get an independent read on how quickly the bad actors have (or haven’t) picked up on this, yet. known scanners (shodan, qualys & co) are generating

Re: [mailop] Any evidence of SMTP smuggling in the wild - yet?

2023-12-28 Thread Marco Moock via mailop
On 28.12.2023 at 18:15:39 Tom Perrine via mailop wrote: > Has anyone detected or seen any evidence of SMTP smuggling in the > wild? > > I’m trying to get an independent read on how quickly the bad actors > have (or haven’t) picked up on this, yet. According to the information I read, it