[exim] Exim (aoom) named in context of new TLS cross-protoco…

Author: Cyborg
Date:  
To: exim users
Subject: [exim] Exim (aoom) named in context of new TLS cross-protocol attack

Context:
https://thehackernews.com/2021/06/new-tls-attack-lets-attackers-launch.html?

See figure 1 right column line #2

------

A few weeks ago, I suggested taking care of these freaks that redirect
HTTP requests to SMTP ports,
spamming logs and wasting valuable hamstertime.

As it looks, these redirects can now be used to do reflection attacks and
other cross-protocol attacks on servers
that use the same TLS cert for different services.

I think this is a pretty good reason to end this, by silently dropping
those connections as the garbage they are and
sending out a press release about it. It has three benefits: it's good PR,
it's good for security and reduces waste traffic on exim mailservers.

Don't get me wrong, exim is at the top of this "best of the worse" list,
because it stops after 3 retries, but other servers like proftpd have
already reacted to this by implementing countermeasures. This can also
be seen in the mentioned figure.

Best regards,
Marius
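
The two behaviours contrasted in the message above, as an added example that is not part of the original post and not Exim's code: a server that tolerates a few unrecognised lines before closing, versus one that closes as soon as it sees an HTTP request line. All names are hypothetical; the limit of 3 is modelled on the post's "stops after 3 retries", and the HTTP method list, the SMTP verb set and both sample sessions are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/x.y (method list is an assumption)
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT|TRACE|PATCH) \S+ HTTP/\d\.\d$"
)
# Minimal SMTP verb set for this illustration, not Exim's full command table
SMTP_VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"DATA", b"RSET",
              b"NOOP", b"QUIT", b"STARTTLS", b"AUTH", b"VRFY"}

# Constructed sample sessions (client lines only)
HTTP_SESSION = [b"GET / HTTP/1.1\r\n", b"Host: mail.example.test\r\n",
                b"User-Agent: constructed-sample\r\n", b"Accept: */*\r\n", b"\r\n"]
SMTP_SESSION = [b"EHLO client.example.test\r\n",
                b"MAIL FROM:<a@example.test>\r\n", b"QUIT\r\n"]


def looks_like_http(line: bytes) -> bool:
    """True if the line has the shape of an HTTP/1.x request line."""
    return HTTP_REQUEST_LINE.match(line.rstrip(b"\r\n")) is not None


def is_smtp_command(line: bytes) -> bool:
    """True if the first token of the line is a known SMTP verb."""
    parts = line.strip().split(None, 1)
    return bool(parts) and parts[0].upper() in SMTP_VERBS


def lines_parsed(session, drop_on_http, max_unknown=3):
    """Return how many client lines the server reads before it closes."""
    unknown = 0
    for count, line in enumerate(session, start=1):
        if drop_on_http and looks_like_http(line):
            return count          # closed silently on the HTTP request line
        if is_smtp_command(line):
            if line.strip().upper() == b"QUIT":
                return count      # normal end of an SMTP session
            continue
        unknown += 1
        if unknown >= max_unknown:
            return count          # tolerance for unrecognised lines exhausted
    return len(session)


if __name__ == "__main__":
    for name, session in (("http", HTTP_SESSION), ("smtp", SMTP_SESSION)):
        print(name, lines_parsed(session, False), lines_parsed(session, True))
```

The legitimate SMTP session is handled identically under both policies; only the HTTP client is cut off earlier, after one line instead of three.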