oss-sec mailing list archives
Re: New SMTP smuggling attack
From: Claus Assmann <ml+oss () esmtp org>
Date: Thu, 21 Dec 2023 14:46:56 +0000
Just for completeness: sendmail 8.18.0.2 has options to handle this too, e.g., Accept only CR LF . CR LF as end of an SMTP message as required by the RFCs when the new srv_features option 'o' is used. And for those who read the source code there's also an FFR: /* enable checking for "bare LF" in message */ "_FFR_BARE_LF",
Current thread:
- New SMTP smuggling attack Marcus Meissner (Dec 21)
- Re: New SMTP smuggling attack Claus Assmann (Dec 21)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 22)
- Re: Re: New SMTP smuggling attack Stuart Henderson (Dec 22)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 22)
- Re: Re: New SMTP smuggling attack Erik Auerswald (Dec 22)
- Re: Re: New SMTP smuggling attack Rodrigo Freire (Dec 22)
- Re: Re: New SMTP smuggling attack Alexander E. Patrakov (Dec 22)
- Re: Re: New SMTP smuggling attack Erik Auerswald (Dec 22)
- Re: Re: New SMTP smuggling attack Stuart D Gathman (Dec 22)
- Re: Re: New SMTP smuggling attack Harry Sintonen (Dec 22)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 22)
- Re: New SMTP smuggling attack Claus Assmann (Dec 21)
- Re: Re: New SMTP smuggling attack Bjoern Franke (Dec 22)