On 2016-12-02 15:10, Michael Munger wrote:
This is a great idea. This is a spam filter that is integrated into a
CRM system, so I needed to parse and dump the information so it could
be
sucked up later.
Here's what I ultimately created. It still needs some work (mainly
because it re-reads the
@ lbutlr:
> On 12/3/16 2:57 PM, Wietse Venema wrote:
> > Proof of concept:
> >
> > MAIL FROM<" > type='text/javascript'>alert('xss');"@example.com>
>
> That result in "501 5.5.4 Syntax: MAIL FROM:"
OK, so insert a the missing ':'
MAIL FROM:"alert('xss');"@example.com>
250 2.1.0 Ok
Instead of
On 12/4/16 8:17 AM, Wietse Venema wrote:
@ lbutlr:
On 12/3/16 2:57 PM, Wietse Venema wrote:
Proof of concept:
MAIL FROM<"alert('xss');"@example.com>
That result in "501 5.5.4 Syntax: MAIL FROM:"
OK, so insert a the missing ':'
MAIL FROM:"alert('xss');"@example.com>
250 2.1.0 Ok
Fair e
If the fullchain.pem file is the result of the acme client cert-bot, this file
includes Let's Encrypt intermediate certificate and your server certificate.
smtpd_tls_cert_file = /path/to/fullchain.pem
smtpd_tls_key_file = /path/to/privkey.pem
> On Nov 15, 2016, at 03:08, Steve Jenkins wrote:
>
@ lbutlr:
> On 12/4/16 8:17 AM, Wietse Venema wrote:
> > @ lbutlr:
> >> On 12/3/16 2:57 PM, Wietse Venema wrote:
> >>> Proof of concept:
> >>>
> >>> MAIL FROM<" >>> type='text/javascript'>alert('xss');"@example.com>
> >>
> >> That result in "501 5.5.4 Syntax: MAIL FROM:"
> >
> > OK, so insert a t
