[pfx] Steps to replicate SMTP smuggling

2024-01-15 Thread braham--- via Postfix-users
hey postfix-users, I am trying to replicate the smtp smuggling for my postfix servers to verify the fix. But I am not able to recreate it. Incoming side I am always receiving single mail. I am trying to send a mail with the incorrect END-OF-DATA with a script. Can someone help with the same? Thanks &

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

2024-01-15 Thread Gerd Hoerst via Postfix-users
Hi ! with mydomain = hoerst.net myorigin = $mydomain the email sent via mailx has u...@host.domain.tld as sender address again... but this time somehow it's DKIM signed at least Ciao Gerd On 15.01.24 at 17:39, Wietse Venema via Postfix-users wrote: Viktor Dukhovni via Postfix-users: On M

[pfx] ldap + 550 5.1.1

2024-01-15 Thread jungle.hunt--- via Postfix-users
Mail from root.brezen.example.net is rejected. root's mail should not be masked since it will be sorted by sieve depending on the originating host. Is /etc/aliases ignored when ldap is in use?   Header from offending mail   Return-Path: Received: by brezen.example.net (Postfix, from userid 0)

[pfx] Re: postfix repo

2024-01-15 Thread Scott Kitterman via Postfix-users
On January 16, 2024 3:11:37 AM UTC, Peter via Postfix-users wrote: >On 12/01/24 04:08, Wietse Venema via Postfix-users wrote: >> Viktor Dukhovni via Postfix-users: >>> On Thu, Jan 11, 2024 at 03:53:35PM +0100, natan via Postfix-users wrote: Hi Wietse Have you thought about postfix repo fo

[pfx] Re: postfix repo

2024-01-15 Thread Peter via Postfix-users
On 12/01/24 04:08, Wietse Venema via Postfix-users wrote: Viktor Dukhovni via Postfix-users: On Thu, Jan 11, 2024 at 03:53:35PM +0100, natan via Postfix-users wrote: Hi Wietse Have you thought about postfix repo for Debian, just like dovecot has for his release ? What is a "Postfix repo for D

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

2024-01-15 Thread Gerd Hoerst via Postfix-users
Hi ! Ok i will try tomorrow Ciao Gerd

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

2024-01-15 Thread Wietse Venema via Postfix-users
Viktor Dukhovni via Postfix-users: > On Mon, Jan 15, 2024 at 08:14:13AM +0100, Gerd Hoerst via Postfix-users wrote: > > > I added > > > > masquerade_domains > > = hoerst.net > > > > to main.cf and mail sent via mailx is sent as u...@d

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

2024-01-15 Thread Viktor Dukhovni via Postfix-users
On Mon, Jan 15, 2024 at 08:14:13AM +0100, Gerd Hoerst via Postfix-users wrote: > I added > > masquerade_domains > = hoerst.net > > to main.cf and mail sent via mailx is sent as u...@domain.tld and it has also > both DKIM Signatures

[pfx] Re: improper command pipelining

2024-01-15 Thread Bill Cole via Postfix-users
On 2024-01-15 at 04:15:53 UTC-0500 (Mon, 15 Jan 2024 10:15:53 +0100) Admin Beckspaced via Postfix-users is rumored to have said: someone is trying to use your postfix as http proxy server. Looks like security scanner. do you know the type of encoding? The encoding for the log is octal: chara

[pfx] Re: improper command pipelining

2024-01-15 Thread Wietse Venema via Postfix-users
Admin Beckspaced via Postfix-users: > dear postfix users, > > since the recent SMTP smuggling issue I applied the short term > workaround by setting smtpd_forbid_unauth_pipelining = yes > > I also do a daily scan on journalctl with some keywords, e.g. 'pipelining' > > the following showed up th

[pfx] Re: improper command pipelining

2024-01-15 Thread Jaroslaw Rafa via Postfix-users
On 15.01.2024 at 09:34:06, Admin Beckspaced via Postfix-users wrote: > do i need to be worried? As your logs clearly show it's Shodan, then either ignore it or simply block it right away. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they'r

[pfx] Re: improper command pipelining

2024-01-15 Thread Admin Beckspaced via Postfix-users
Looks like security scanner. do you know the type of encoding? I would like to decode and see the actual commands. after CONNECT usually TLS negotiation occurs, that may be it. I don't know if there's any value in knowing that. thanks i was just curious :) Jan 14 01:57:15 cx20 postfi

[pfx] Re: improper command pipelining

2024-01-15 Thread Matus UHLAR - fantomas via Postfix-users
On 15.01.24 10:15, Admin Beckspaced via Postfix-users wrote: someone is trying to use your postfix as http proxy server. Looks like security scanner. do you know the type of encoding? I would like to decode and see the actual commands. after CONNECT usually TLS negotiation occurs, that may

[pfx] Re: improper command pipelining

2024-01-15 Thread Bastian Blank via Postfix-users
On Mon, Jan 15, 2024 at 10:15:53AM +0100, Admin Beckspaced via Postfix-users wrote: > > > someone is trying to use your postfix as http proxy server. > > Looks like security scanner. > do you know the type of encoding? No, by "CONNECT", which is no SMTP command, but a HTTP one. Bastian -- Spo

[pfx] Re: improper command pipelining

2024-01-15 Thread Admin Beckspaced via Postfix-users
someone is trying to use your postfix as http proxy server. Looks like security scanner. do you know the type of encoding? I would like to decode and see the actual commands. Jan 14 01:57:15 cx20 postfix/submission/smtpd[25120]: improper command pipelining after CONNECT from battery.census

[pfx] Re: improper command pipelining

2024-01-15 Thread Matus UHLAR - fantomas via Postfix-users
On 15.01.24 09:34, Admin Beckspaced via Postfix-users wrote: dear postfix users, since the recent SMTP smuggling issue I applied the short term workaround by setting smtpd_forbid_unauth_pipelining = yes I also do a daily scan on journalctl with some keywords, e.g. 'pipelining' the following

[pfx] improper command pipelining

2024-01-15 Thread Admin Beckspaced via Postfix-users
dear postfix users, since the recent SMTP smuggling issue I applied the short term workaround by setting smtpd_forbid_unauth_pipelining = yes I also do a daily scan on journalctl with some keywords, e.g. 'pipelining' the following showed up this morning. do i need to be worried? thanks & gr