[exim] Re: SMTP smuggling and Exim

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Klaus Ethgen
Fecha:  
A: exim-users
Asunto: [exim] Re: SMTP smuggling and Exim
Hi,

Am Fr den 22. Dez 2023 um 11:37 schrieb Bjoern Franke via Exim-users:
> I didn't see anything in the archives regarding this:
>
> https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
>
> exim is not mentioned, so it's not affected?


Well, there are two things why exim is not "affected".

1. This is a normal behaviour of a MTA. Accepting multiple mails in
incoming connection is common. However, in exim you can prevent that
by only accepting one mail per connection.

2. It is the job of an MTA preventing a normal mail to escape to the
command level. So if the sending MTA allows that, it is an error in
that MTA, not in the receiving one.

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/