SMTP Smuggling - Spoofing E-Mails Worldwide

/ Martijn Brinkers

SEC Consult Vulnerability Lab, Timo Longin discovered a novel exploitation technique for SMTP (Simple Mail Transfer Protocol).

Basically, the vulnerability exploits differences between smtp servers on how they handle non-standard end-of-message sequences.

To exploit the vulnerability, two mail servers with different handling of non-standard end-of-message sequences are required.

The exploit makes it possible to smuggle/send spoofed e-mails.

CipherMail Gateway/Webmail uses Postfix for delivering email.

If Postfix receives an email from a vulnerable SMTP server, Postfix will deliver the "smuggled" email as a separate email.

To stop Postfix from accepting the "smuggled" email, unauthorized pipelining should be disabled.

To disable unauthorized pipelining, the following parameter should be added to Postfix main config:

smtpd_data_restrictions = reject_unauth_pipelining

This can be added from the CipherMail GUI (Admin -> MTA -> Config -> MTA config file)

Then add the above smtpd_data_restrictions line to the end of the config file and apply.

Alternatively, the Postfix main configuration file can be directly edited from the command line:

$ sudo vim /etc/postfix/
$ sudo systemctl restart postfix.service

For more information see:

Please contact us if you need more information.