Hello,
I have written a detailed write-up about the recent event:
https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
Hope it clarifies what happened and what we intend to do to avoid it in the
future.
Gilles
Hello list,
Today I just noticed something in my maillog that I figured I should
report. The log output is sanitized.
Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp connected
address= host=mail.example.com
Jan 31 13:31:23 meow smtpd[12615]: fe92e766062cfe9b smtp tls
ciphers=TLSv1.2:ECDHE
Not sure if its a documentation bug or not, but smtpd-filters.7 states
the following:
For all phases, excepted "data-line", the responses must follow the same
construct, a message type "filter-result", followed by the unique
session
id, the opaque token, a decision and optional deci