> On 18.12.2023 at 19:06 Slavko via mailop wrote:
>
>> Why should everyone else be forced to do that?
>
> IMO for tracking purpose... Either, for good reason -- to track DKIM's domain
> reputation, or other reason, as signed user@domain is more reliable source
> than random user@domain (and signed
On Wed, Dec 20, 2023 at 14:49:20 +, Gellner, Oliver via mailop wrote:
> Postfix is potentially vulnerable as for compatibility with broken
> clients it accepts . as an end-of-data command. Well, at least
> it did, Wietse has introduced a flag which fixes this kind of message
> smuggling:
>
> >
I +1 as well. I’ve used a few services over the years, and it helps a lot.
-Udeme
On Tue, Dec 19, 2023 at 10:47 PM Jesse Thompson via mailop <
mailop@mailop.org> wrote:
> On Tue, Dec 19, 2023, at 7:20 PM, Tara Natanson via mailop wrote:
>
> On Tue, Dec 19, 2023 at 3:29 PM Eduardo Diaz Comellas v
On 19.12.2023 at 13:31 Mark Alley via mailop wrote:
> Hey all, recently saw this mail server SMTP vulnerability that popped up on a
> blog yesterday. Sharing here for those interested.
> https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Thanks for sharing, interestin
On Tue 19/Dec/2023 22:12:28 +0100 Gellner, Oliver via mailop wrote:
On 19.12.2023 at 12:19 Alessandro Vesely via mailop wrote:
On Tue 19/Dec/2023 09:21:55 +0100 Taavi Eomäe wrote:
Considering how Gmail and quite a few widespread DKIM implementations still
don't support EdDSA DKIM, I wouldn't g
On Tue 19/Dec/2023 21:19:06 +0100 Marco Moock via mailop wrote:
Am 19.12.2023 um 17:20:20 Uhr schrieb Slavko via mailop:
Please, understand i properly, that it is no vulnerabiliy in SMTP
itself, but in (some) implementations/servers only?
According to the stuff I read, sendmail and Postfix (a
