Re: Rule to detect mailsploit

2017-12-06 Thread Kevin A. McGrail
On 12/6/2017 10:00 AM, RW wrote: On Wed, 6 Dec 2017 06:29:01 -0500 Kevin A. McGrail wrote: I've added these rules to KAM.cf and would appreciate feedback. #MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the idea #NUL header   __KAM_MAILSPLOIT1   From =~ /[\0]/ describe __KAM_MA

Re: Rule to detect mailsploit

2017-12-06 Thread micah
RW writes: > On Wed, 6 Dec 2017 06:29:01 -0500 > Kevin A. McGrail wrote: > >> I've added these rules to KAM.cf and would appreciate feedback. >> >> #MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the >> idea #NUL >> header   __KAM_MAILSPLOIT1   From =~ /[\0]/ >> describe __KAM_MA

Re: Rule to detect mailsploit

2017-12-06 Thread John Hardin
On Wed, 6 Dec 2017, Antony Stone wrote: On Wednesday 06 December 2017 at 18:15:55, John Hardin wrote: On Wed, 6 Dec 2017, Kevin A. McGrail wrote: Something like this: header __KAM_MAILSPLOIT1 From =~ /[\0]/ describe __KAM_MAILSPLOIT1 RFC2047 Exploit https://www.mailsploit.com/ind

Re: Rule to detect mailsploit

2017-12-06 Thread Antony Stone
On Wednesday 06 December 2017 at 18:15:55, John Hardin wrote: > On Wed, 6 Dec 2017, Kevin A. McGrail wrote: > > > > Something like this: > > > > header __KAM_MAILSPLOIT1 From =~ /[\0]/ > > describe __KAM_MAILSPLOIT1 RFC2047 Exploit > > https://www.mailsploit.com/index > > > > And a p

Re: Rule to detect mailsploit

2017-12-06 Thread John Hardin
On Wed, 6 Dec 2017, Kevin A. McGrail wrote: On 12/6/2017 4:27 AM, Frido Otten wrote: Yesterday I saw this message that a bug in mail clients allows sender spoofing which bypasses SPF/DKIM/DMARC mechanisms. Maybe you've read about it. More information about it here: https://www.mailsploit.com/i

Re: Rule to detect mailsploit

2017-12-06 Thread RW
On Wed, 6 Dec 2017 06:29:01 -0500 Kevin A. McGrail wrote: > I've added these rules to KAM.cf and would appreciate feedback. > > #MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the > idea #NUL > header   __KAM_MAILSPLOIT1   From =~ /[\0]/ > describe __KAM_MAILSPLOIT1   RFC2047 Expl

Re: Rule to detect mailsploit

2017-12-06 Thread Dianne Skoll
On Wed, 06 Dec 2017 14:37:28 +0100 Benny Pedersen wrote: > http://www.postfix.org/postconf.5.html#message_strip_characters That won't work because the doc says: Note 1: this feature does not recognize text that requires MIME decoding. It inspects raw message content, just like header_ch

Re: Rule to detect mailsploit

2017-12-06 Thread Benny Pedersen
Kevin A. McGrail wrote on 2017-12-06 14:24: Re: #5.  There is an exploit in that From: Where an Email Address is used in the Name Field.  There's been a lot of discussion about that type of email on list that it likely wouldn't apply to this group of rules. http://www.postfix.org/postconf.5.h

Re: Rule to detect mailsploit

2017-12-06 Thread Kevin A. McGrail
On 12/6/2017 8:06 AM, Ian wrote: All 14 variations from the MailSploit website apart from #5 triggered the rule.  This is expected as the From: in #5 is simply: From: "po...@whitehouse.gov" I.e. there doesn't seem to be an exploit in it ;) Thanks Ian.  I appreciate the testing. He's ap

Re: Rule to detect mailsploit

2017-12-06 Thread Ian
On 06/12/2017 11:29, Kevin A. McGrail wrote: I've added these rules to KAM.cf and would appreciate feedback. Hi, All 14 variations from the MailSploit website apart from #5 triggered the rule. This is expected as the From: in #5 is simply: From: "po...@whitehouse.gov" I.e. ther

Re: Rule to detect mailsploit

2017-12-06 Thread Kevin A. McGrail
I've added these rules to KAM.cf and would appreciate feedback. #MAILSPLOIT CONTROL CHARACTER - Thanks to Jan-Pieter Cornet for the idea  #NUL header   __KAM_MAILSPLOIT1   From =~ /[\0]/ describe __KAM_MAILSPLOIT1   RFC2047 Exploit https://www.mailsploit.com/index  #\n Multiple in the From Head

Rule to detect mailsploit

2017-12-06 Thread Frido Otten
Hi all, Yesterday I saw this message that a bug in mail clients allows sender spoofing which bypasses SPF/DKIM/DMARC mechanisms. Maybe you've read about it. More information about it here: https://www.mailsploit.com/index I was thinking that there might be a possibility to detect this in spamassassi

Re: Rule to detect mailsploit

2017-12-06 Thread Kevin A. McGrail
On 12/6/2017 4:27 AM, Frido Otten wrote: Yesterday I saw this message that a bug in mail clients allows sender spoofing which bypasses SPF/DKIM/DMARC mechanisms. Maybe you've read about it. More information about it here: https://www.mailsploit.com/index I was thinking that there might be a possib
