[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Thu, Dec 21, 2023 at 04:29:20PM -0500, Wietse Venema via Postfix-users > wrote: > > > > > https://gitlab.com/ohisee/block-shodan-stretchoid-census > > > > > > I feel no particular urge to block them. > > > > They apparently flag a lot more Postfix MTAs

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 21, 2023 at 04:29:20PM -0500, Wietse Venema via Postfix-users wrote: > > > https://gitlab.com/ohisee/block-shodan-stretchoid-census > > > > I feel no particular urge to block them. > > They apparently flag a lot more Postfix MTAs than Exim ones. By "flag" you mean count instances

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Thu, Dec 21, 2023 at 03:08:57PM -0500, pgnd via Postfix-users wrote: > > > > This even includes "shodan" looking > > > > ugh. shodan. > > > > this can help a bit > > > > https://gitlab.com/ohisee/block-shodan-stretchoid-census > > I feel no particular

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 21, 2023 at 03:08:57PM -0500, pgnd via Postfix-users wrote: > > This even includes "shodan" looking > > ugh. shodan. > > this can help a bit > > https://gitlab.com/ohisee/block-shodan-stretchoid-census I feel no particular urge to block them. -- Viktor.

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Viktor Dukhovni via Postfix-users
On Thu, Dec 21, 2023 at 02:17:34PM -0500, Wietse Venema via Postfix-users wrote: > Kim Sindalsen via Postfix-users: > > I'm reading that either "smtpd_data_restrictions = > > reject_unauth_pipelining" or "smtpd_forbid_unauth_pipelining = yes" should > > *work* for short-term workaround, right? >

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Wietse Venema via Postfix-users
Kim Sindalsen via Postfix-users: > I'm reading that either "smtpd_data_restrictions = > reject_unauth_pipelining" or "smtpd_forbid_unauth_pipelining = yes" should > *work* for short-term workaround, right? They look for the same thing but at different times. > I've had data-restrictions for years

[pfx] Re: [pfx-ann] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Kim Sindalsen via Postfix-users
> -Original Message- > From: Wietse Venema via Postfix-announce > Sent: 21. december 2023 13:52 > To: Postfix announce > Cc: Postfix users > Subject: [pfx-ann] SMTP Smuggling, workarounds and fix > > SHORT-TERM WORKAROUNDS > > A short-term workaround can be deployed now, before the upc

[pfx] Re: postfix and smuggling spoofing

2023-12-21 Thread natan via Postfix-users
Hi, why I am asking: because I use . smtpd_end_of_data_restrictions =     check_policy_service  { inet:127.0.0.1:10040 timeout=4s, default_action=DUNNO }     permit_mynetworks,     lpolicyd smtpd_data_restrictions = reject_unauth_pipelining . On 21.12.2023 at 19:41, Wietse

[pfx] Re: postfix and smuggling spoofing

2023-12-21 Thread Wietse Venema via Postfix-users
natan: > https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ Wietse: > See: https://www.postfix.org/smtp-smuggling.html natan: > reject_unauth_pipelining in: smtpd_data_restrictions > or maybe only in smtpd_end_of_data_restrictions ? Then, Postfix will have to receive t

[pfx] Re: postfix and smuggling spoofing

2023-12-21 Thread natan via Postfix-users
Hi Thanks for info Wietse reject_unauth_pipelining in: smtpd_data_restrictions or maybe only in smtpd_end_of_data_restrictions ? On 21.12.2023 at 19:11, Wietse Venema via Postfix-users wrote: natan via Postfix-users: Hi I found today https://sec-consult.com/blog/detail/smtp-smuggling-spoo

[pfx] Re: postfix and smuggling spoofing

2023-12-21 Thread Wietse Venema via Postfix-users
natan via Postfix-users: > Hi > I found today > > https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ See: https://www.postfix.org/smtp-smuggling.html ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe

[pfx] postfix and smuggling spoofing

2023-12-21 Thread natan via Postfix-users
Hi I found today https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

[pfx] Re: 25 years today

2023-12-21 Thread FaberK via Postfix-users
Thank you Wietse, I have used Postfix since early 2000. Thanks to you and to the community!!! On Thu, Dec 14, 2023 at 2:21 PM Wietse Venema via Postfix-users < postfix-users@postfix.org> wrote: > As a few on this list may recall, it is 25 years ago today that the > "IBM secure mailer" had its pub

[pfx] Re: SMTP Smuggling still possible after disabling pipelining

2023-12-21 Thread Wietse Venema via Postfix-users
Till W. via Postfix-users: > Dear team, > we enabled smtpd_forbid_unauth_pipelining in our Postfix, but unfortunately > it still accepts \n.\n (.) as EOD. This is our configuration in > main.cf: > > smtpd_forbid_unauth_pipelining = yes > smtpd_discard_ehlo_key

[pfx] Re: SMTP Smuggling still possible after disabling pipelining

2023-12-21 Thread Wietse Venema via Postfix-users
Till W. via Postfix-users: > Dear team, > we enabled smtpd_forbid_unauth_pipelining in our Postfix, but unfortunately > it still accepts \n.\n (.) as EOD. This is our configuration in > main.cf: > Of course it does. It is supposed to reject message content that is received IN THE SAME PACKET as

[pfx] SMTP Smuggling, workarounds and fix

2023-12-21 Thread Wietse Venema via Postfix-users
[A longer and updated version of this text may be found at https://www.postfix.org/smtp-smuggling.html] SUMMARY As part of a non-responsible disclosure process, SEC Consult has published an email spoofing attack that involves a composition of email services with specific differences in the way t

[pfx] Re: SMTP Smuggling still possible after disabling pipelining

2023-12-21 Thread Till W. via Postfix-users
Hello Carsten, thanks a lot for your response! I reloaded the config: postconf -f | grep pipelining smtpd_discard_ehlo_keywords = pipelining smtpd_forbid_unauth_pipelining = yes And do not get Pipelining listed anymore: 220 dev1.example.dev ESMTP Postfix 250-dev1.example.dev 250-SIZE 52428800

[pfx] Re: SMTP Smuggling still possible after disabling pipelining

2023-12-21 Thread Carsten Rosenberg via Postfix-users
Hey, it seems you're still offering 250-PIPELINING Both options work as expected on my side (Postfix 3.7.6). best regards Carsten On 21.12.23 10:29, Till W. via Postfix-users wrote: Dear team, we enabled smtpd_forbid_unauth_pipelining in our Postfix, but unfortunately it still accepts \

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-21 Thread Joachim Lindenberg via Postfix-users
Emmanuel: >Nginx is mainly a buffering HTTP proxy/reverse proxy and/or a HTTP TLS >termination endpoint or raw N to 1 TCP proxy. ... Nginx can also act very good as a mere TCP proxy with proxy protocol. I am not terminating TLS on my VPS except for public websites served directly by the VPS. >The

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-21 Thread Emmanuel Fusté via Postfix-users
On 21/12/2023 at 10:03, Joachim Lindenberg via Postfix-users wrote: Emmanuel, please read the thread https://www.mail-archive.com/postfix-users@postfix.org/msg100852.html from the beginning. SOCKS5 was already considered as an alternative to proxy protocol. If you want to bash nginx then ple

[pfx] SMTP Smuggling still possible after disabling pipelining

2023-12-21 Thread Till W. via Postfix-users
Dear team, we enabled smtpd_forbid_unauth_pipelining in our Postfix, but unfortunately it still accepts \n.\n (.) as EOD. This is our configuration in main.cf: smtpd_forbid_unauth_pipelining = yes smtpd_discard_ehlo_keywords = pipelining Here is an example of two emails being pipelined with .:

[pfx] Re: Postfix using proxy protocol outbound?

2023-12-21 Thread Joachim Lindenberg via Postfix-users
Emmanuel, please read the thread https://www.mail-archive.com/postfix-users@postfix.org/msg100852.html from the beginning. SOCKS5 was already considered as an alternative to proxy protocol. If you want to bash nginx then please provide some substance. I am running multiple instances of web serv