[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Wietse Venema via Postfix-users
People are welcome to test tools against postfix-3.9-20240106. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Geert Hendrickx via Postfix-users
On Sat, Jan 06, 2024 at 14:47:59 -0500, Wietse Venema via Postfix-users wrote: > Damian: > > If I remember correctly, on the wire there was \r\n\r\n.\r\r\n > > Viktor Dukhovni: > > Does that also need to be more strict? :-( > > Indeed, and as usual the fix is trivial. This process is backwards,

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Wietse Venema via Postfix-users
Damian: > If I remember correctly, on the wire there was \r\n\r\n.\r\r\n Viktor Dukhovni: > Does that also need to be more strict? :-( Indeed, and as usual the fix is trivial. This process is backwards, it is what we get with publication before the analysis, tooling, and software fixes are compl

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Viktor Dukhovni via Postfix-users
On 6 Jan 2024, at 12:04 pm, Damian via Postfix-users wrote: > > If I remember correctly, on the wire there was \r\n\r\n.\r\r\n > > I will assemble a pcap and some logs when I'm back home. That's expected, Postfix will accept one *or more* CRs before LF as CRLF. https://github.com/vdukhovn

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Damian via Postfix-users
If I remember correctly, on the wire there was \r\n\r\n.\r\r\n I will assemble a pcap and some logs when I'm back home. > In other words, I need to see proff in the form of a PCAP file and > NON-VERBOSE logging, or it did not happen. ___ Postfix-users

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Wietse Venema via Postfix-users
BTW All smuggling tests are invalid when the client is allowlisted with smtpd_forbid_bare_newline_exclusions (default: $mynetworks). Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Wietse Venema via Postfix-users
Wietse Venema via Postfix-users: > Damian via Postfix-users: > > > The recommended settings are: > > > > > >

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Wietse Venema via Postfix-users
Damian via Postfix-users: > > The recommended settings are: > > > > > >

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Damian via Postfix-users
smuggling for the `\r\n.\n` case. Sorry, that was a bad copypaste, I meant '\r\n.\r'. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: SMTP Smuggling with long-term fix

2024-01-06 Thread Damian via Postfix-users
The test tool [1] revealed that my 3.7.9 Postfix using `smtpd_forbid_bare_newline = yes` admits smuggling for the `\r\n.\n` case. One still needs `smtpd_data_restrictions = reject_unauth_pipelining` to close that one as well. After a small adaptation to the tool to use BDAT one can see what Wiet

[pfx] SMTP Smuggling with long-term fix

2024-01-06 Thread Damian via Postfix-users
The recommended settings are: #