On 2023-01-14 at 17:33 +0200, Mary wrote:
> Thank you, I'll take a closer look, because Shellshock implies that
> somehow the SMTPD executes a bash script, which I find highly
> unlikely. That is why I thought they are trying to exploit something
> further down the pipeline (Logstash, Prometheus, e
Mary via mailop skrev den 2023-01-14 16:33:
Thank you, I'll take a closer look, because Shellshock implies that
somehow the SMTPD executes a bash script, which I find highly
unlikely. That is why I thought they are trying to exploit something
further down the pipeline (Logstash, Prometheus, etc).
On 2023-01-14 at 09:16:05 UTC-0500 (Sat, 14 Jan 2023 16:16:05 +0200)
Mary via mailop
is rumored to have said:
Within the past several days, I've been monitoring a kind of exploit
that affects the 'from' RCPT part of the smtp conversation:
```
postfix/postscreen[633104]: PREGREET 8 after 0.09
Thank you, I'll take a closer look, because Shellshock implies that somehow the
SMTPD executes a bash script, which I find highly unlikely. That is why I
thought they are trying to exploit something further down the pipeline
(Logstash, Prometheus, etc).
On Sat, 14 Jan 2023 14:41:17 + Col
I received one of these bad girls to my Nightmare Mail (fork of notqmail),
albeit with a different argument to the attempted wget command (which was never
processed, though my mailserver was able to successfully make delivery of this
technically non-compliant message). It seems to my friends to
Within the past several days, I've been monitoring a kind of exploit that
affects the 'from' RCPT part of the smtp conversation:
```
postfix/postscreen[633104]: PREGREET 8 after 0.09 from [159.89.232.70]:52350:
HELO x\r\n
postfix/postscreen[633104]: NOQUEUE: reject: RCPT from [159.89.232.70]:52
