SMTP Smuggling - Spoofing E-Mails Worldwide

Timo Longin of SEC Consult Vulnerability Lab discovered a novel exploitation technique for SMTP
(Simple Mail Transfer Protocol).

Basically, the vulnerability exploits differences between SMTP servers in how they handle non-standard end-of-message sequences.

To exploit the vulnerability, two mail servers that handle non-standard end-of-message sequences differently are required.

The technique makes it possible to smuggle, and thereby send, spoofed e-mails.

CipherMail Gateway/Webmail uses Postfix for delivering email.

If Postfix receives an email from a vulnerable SMTP server, Postfix will deliver the “smuggled” email as a separate email.

To stop Postfix from accepting the “smuggled” email, unauthorized pipelining should be disabled.

To disable unauthorized pipelining, the following parameter should be added to the Postfix main configuration file (main.cf):

smtpd_data_restrictions = reject_unauth_pipelining

This can be added from the CipherMail GUI (Admin → MTA → Config → MTA config file).

Then add the above smtpd_data_restrictions line to the end of the config file and apply the change.

Alternatively, the Postfix main configuration file can be directly edited from the command line:

$ sudo vim /etc/postfix/
$ sudo systemctl restart postfix.service
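To verify that the mitigation is actually in effect after editing, the following added example (not part of the original advisory or of CipherMail/Postfix) parses a main.cf and reports whether reject_unauth_pipelining is present in smtpd_data_restrictions. The sample configuration fragments are constructed for the demonstration; it handles comment lines, continuation lines and the Postfix rule that a later definition of a parameter overrides an earlier one (which is why appending the line at the end of the file works).

```python
"""Check whether a Postfix main.cf rejects unauthorized pipelining at the DATA stage."""
import re

# Constructed sample: a main.cf fragment WITHOUT the mitigation, and the same
# fragment with the smtpd_data_restrictions line appended at the end.
UNPATCHED_CF = """\
# constructed sample main.cf
myhostname = mail.example.test
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination
"""
PATCHED_CF = UNPATCHED_CF + "smtpd_data_restrictions = reject_unauth_pipelining\n"


def parse_main_cf(text):
    """Parse main.cf text into a dict of parameter -> value.

    Lines starting with '#' in column 0 are comments, 'name = value' defines a
    parameter, and a line starting with whitespace continues the previous value.
    As in Postfix, a later definition of the same parameter overrides an earlier one.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()   # continuation line
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue                                # malformed line, ignore
        current = name.strip()
        params[current] = value.strip()
    return params


def restriction_list(params, name):
    """Split a restriction parameter (comma/whitespace separated) into its entries."""
    return [r for r in re.split(r"[,\s]+", params.get(name, "")) if r]


def rejects_unauth_pipelining(text):
    """True when smtpd_data_restrictions contains reject_unauth_pipelining."""
    restrictions = restriction_list(parse_main_cf(text), "smtpd_data_restrictions")
    return "reject_unauth_pipelining" in restrictions


if __name__ == "__main__":
    for label, cf in (("unpatched", UNPATCHED_CF), ("patched", PATCHED_CF)):
        print(f"{label}: reject_unauth_pipelining at DATA = {rejects_unauth_pipelining(cf)}")
```

On a live system, pass the contents of the real main.cf (or the output of `postconf smtpd_data_restrictions`) to `rejects_unauth_pipelining` instead of the constructed samples.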

