Jonas Schäfer on Nostr: https://www.postfix.org/smtp-smuggling.html "SMTP Smuggling" vulnerability in Postfix ...
https://www.postfix.org/smtp-smuggling.html
"SMTP Smuggling" vulnerability in Postfix allows to spoof senders even in the presence of some DMARC checks. Configuration workarounds exist.
Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.
Boosts for awareness welcome.
"SMTP Smuggling" vulnerability in Postfix allows to spoof senders even in the presence of some DMARC checks. Configuration workarounds exist.
Also, a wholehearted f* you to SEC Consult, who sat on this since June and disclosed it to some closed-source vendors and MSPs, but could apparently not be bothered to give e.g. Postfix a heads-up, publishing this close to the holidays.
Boosts for awareness welcome.