SEC Consult Vulnerability Lab, Timo Longin discovered a novel exploitation technique for SMTP
(Simple Mail Transfer Protocol).
Basically, the vulnerability exploits differences between smtp servers on how they handle non-standard end-of-message sequences.
To exploit the vulnerability, two mail servers with different handling of non-standard end-of-message sequences are required.
The exploit makes it possible to smuggle/send spoofed e-mails.
CipherMail Gateway/Webmail uses Postfix for delivering email.
If Postfix receives an email from a vulnerable SMTP server, Postfix will deliver the “smuggled” email as a separate email.
To stop Postfix from accepting the “smuggled” email, unauthorized pipelining should be disabled.
To disable unauthorized pipelining, the following parameter should be added to Postfix main config:
smtpd_data_restrictions = reject_unauth_pipelining
This can be added from the CipherMail GUI (Admin → MTA → Config → MTA config file)
Then add the above smtpd_data_restrictions
line to the end of the config file and apply.
Alternatively, the Postfix main configuration file can be directly edited from the command line:
$ sudo vim /etc/postfix/main.cf
$ sudo systemctl restart postfix.service
For more information see:
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
https://www.postfix.org/smtp-smuggling.html
Please contact us if you need more information.