Attack against postfix allows sending of spoofed mail (www.postfix.org)

submitted 9 months ago by johnassel@discuss.tchncs.de to c/cybersecurity@infosec.pub

1 comments fedilink hide all child comments

FYI: Postfix has currently an unpatched vulnerability which allows sending of spoofed mail: https://www.postfix.org/smtp-smuggling.html

A fix is currently not available but to have peaceful holidays one should have these lines in the configuration as a workaround:

main.cf:
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_discard_ehlo_keywords = chunking

top 1 comments

sorted by: hot top controversial new old

[-] azron@lemmy.ml 3 points 9 months ago* (last edited 9 months ago)

The "smuggled" SMTP MAIL/RCPT/DATA commands and header plus body text can be used to spoof an email message from any MAIL FROM address whose domain is hosted at email service A, to any RCPT TO address whose domain is hosted at email service B.

If I understand this correctly someone can use Microsoft/other commercial services to email a domain running postfix and make it comes from anyone on the initial service to anyone on the postfix domain. Nice. Good for targeted attacks and probably not bad to get some spam out.

Merry Christmas postfix.

Mailcow tracking bug, they claim the fix in the parent may cause the blocking of legimate traffic from incorrectly implemented smtp servers.

this post was submitted on 24 Dec 2023

18 points (100.0% liked)

cybersecurity

3164 readers

1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub