Defense against SMTP Smuggling?

• Spoofing
• SMTP
• cybercrime
• security

• D

  DAVID

  1/30/24, 10:44 AM

  Does MDaemon have, or are you working to provide, defenses against SMTP Smuggling, as referred to in this blog post by KnowBe4 which references info published by Timo Longin of SEC Consult?

  https://blog.knowbe4.com/smtp-smuggling-email-security-impersonation

  https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

   

  Thanks,

  Dave

   

  0 likes 0 likes Liked Like

  ---

  3
  Posts

  138
  Views

  Reply

  ---

• A

  Arron Admin Staff

  1/30/24, 10:53 AM

  MDaemon 23.5.2, which is being released today, includes 2 changes to prevent SMTP smuggling.

  • To prevent inbound SMTP smuggling, MDaemon now requires message data to end with <CRLF>.<CRLF>. Previously, it would allow <LF>.<LF>. To disable this, edit \MDaemon\App\MDaemon.ini and set [Special] SMTPRequireCRLFdotCRLF=No.
  • To prevent outbound SMTP smuggling, MDaemon by default removes bare <CR> characters from messages. To disable this, edit \MDaemon\App\MDaemon.ini and set [Special] SMTPAllowBareCR=Yes.

  --
  Arron Caruth

  0 likes 0 likes Liked Like

  ---

• D

  DAVID

  1/30/24, 11:11 AM

  Terrific! Thanks!

  Dave

   

  0 likes 0 likes Liked Like

  ---