OpenSMTPd and the "smuggling" attack

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenSMTPd and the "smuggling" attack

From:	Felix Lechner
Subject:	OpenSMTPd and the "smuggling" attack
Date:	Tue, 09 Jan 2024 17:29:15 -0800

Hi,

Due to the popularity of OpenSMTPd here, I thought the group might
appreciate that MTA is not affected by the "SMTP smuggling" attack [1]
like the other mail servers. [2]

According to #opensmtpd, our MTA does not support pipelining and is
therefore not vulnerable.

Some additional patches for hardening are being tested but they do not
currently play nice with all others.[3]

Kind regards
Felix

[1] https://marc.info/?l=oss-security&m=170316959409269&w=2
[2] https://marc.info/?l=oss-security&m=170341041116636&w=2
[3] https://marc.info/?l=openbsd-tech&m=170306668710940&w=2

[Prev in Thread]

Current Thread

[Next in Thread]

OpenSMTPd and the "smuggling" attack, Felix Lechner <=

Prev by Date: Re: Discontinuing data.guix.gnu.org?
Next by Date: Proposition to streamline our NAR collection to just zstd-compressed ones
Previous by thread: January hybrid Guix London meetup
Next by thread: Proposition to streamline our NAR collection to just zstd-compressed ones
Index(es):
- Date
- Thread