Timo Longin of the SEC Consult Vulnerability Lab discovered a novel exploitation technique for SMTP (Simple Mail Transfer Protocol).
Basically, the vulnerability exploits differences in how SMTP servers handle non-standard end-of-message sequences.
To exploit the vulnerability, two mail servers with different handling of non-standard end-of-message sequences are required.
The exploit makes it possible to smuggle/send spoofed e-mails.
CipherMail Gateway/Webmail uses Postfix for delivering email.
If Postfix receives an email from a vulnerable SMTP server, Postfix will deliver the "smuggled" email as a separate email.
To stop Postfix from accepting the "smuggled" email, unauthorized pipelining should be disabled.
To disable unauthorized pipelining, the following parameter should be added to Postfix main config:
smtpd_data_restrictions = reject_unauth_pipelining
This can be added from the CipherMail GUI (Admin -> MTA -> Config -> MTA config file): add the above smtpd_data_restrictions line to the end of the config file and apply.
Alternatively, the Postfix main configuration file can be directly edited from the command line:
$ sudo vim /etc/postfix/main.cf
$ sudo systemctl restart postfix.service
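A check to run after the edit, as an added example that is not part of the original advisory or CipherMail's own tooling: it reads a main.cf-style file and reports whether reject_unauth_pipelining is in the effective smtpd_data_restrictions value. The helper names and the sample file are constructed; the check relies on Postfix keeping only the last definition of a parameter, so a line appended at the end replaces any earlier smtpd_data_restrictions list.

```sh
#!/bin/sh
# Added example. main.cf rules used: "#" and blank lines are ignored, a line
# starting with whitespace continues the previous one, and when a parameter
# is defined more than once the last definition wins.

# param_lookup FILE PARAM value|count  (hypothetical helper name)
param_lookup() {
    awk -v want="$2" -v field="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val[cur] = substr($0, eq + 1)   # replaces any earlier definition
            seen[cur]++
        }
        END {
            if (field == "count") { print seen[want] + 0; exit }
            v = val[want]; gsub(/[ \t,]+/, " ", v)
            sub(/^ /, "", v); sub(/ $/, "", v); print v
        }' "$1"
}

# pipelining_rejected FILE: succeeds if the effective smtpd_data_restrictions
# contains reject_unauth_pipelining.
pipelining_rejected() {
    for r in $(param_lookup "$1" smtpd_data_restrictions value); do
        [ "$r" = "reject_unauth_pipelining" ] && return 0
    done
    return 1
}

# Constructed sample: an existing restriction list, then the advisory's line
# appended at the end of the file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed main.cf fragment
smtpd_data_restrictions =
    reject_multi_recipient_bounce
myhostname = gateway.example.com
smtpd_data_restrictions = reject_unauth_pipelining
EOF
pipelining_rejected "$sample" && echo "reject_unauth_pipelining is active"
echo "definitions: $(param_lookup "$sample" smtpd_data_restrictions count)"
echo "effective:   $(param_lookup "$sample" smtpd_data_restrictions value)"
rm -f "$sample"
```

On a live system, pass /etc/postfix/main.cf as FILE; a definition count above 1 means the appended line dropped an earlier list that should be merged into it. Per-service -o overrides in master.cf are not examined.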
For more information see:
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
https://www.postfix.org/smtp-smuggling.html
Please contact us if you need more information.