On 2023-12-18 at 11:31:47 UTC-0500 (Mon, 18 Dec 2023 16:31:47 +0000)
Vijay S Sarvepalli via Postfix-users <vssarvepa...@cert.org>
is rumored to have said:
> Hello Viktor, Wietse,
> (I am copying the Postfix community as the report is out in the public
> now)
> First of all thank you for your help and response to highlight your
> approach to this issue. This may not be the first time you have
> observed types of abuse that relate to spoofing.
> This research work has now been published by Sec Consult company, see
> link below.

It is interesting that they seem to be unaware of some SMTP basics, such
as the fact that message bodies, message headers, and the SMTP protocol
have different format rules, defined in different RFCs that are clearly
marked as such. They seem to think that the problem is grounded in
legitimate misunderstanding of imprecise RFCs, when it seems clear to me
that there's one right interpretation.
That very much ruins my ability to take what they are saying seriously.
I believe they tested against the proprietary systems cited and found
the issue; I find it extremely suspect that they show no examples for
Sendmail or Postfix, merely an assertion.

> The Postfix issues the researcher mentions, we were not able to
> actually reproduce

This is unsurprising.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire