Defense against SMTP Smuggling? | MDaemon Technologies Community Forum

Defense against SMTP Smuggling?

D

DAVID
1/30/24, 10:44 AM

Does MDaemon have, or are you working to provide, defenses against SMTP Smuggling, as referred to in this blog post by KnowBe4 which references info published by Timo Longin of SEC Consult?

https://blog.knowbe4.com/smtp-smuggling-email-security-impersonation

https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

Thanks,

Dave

0 likes 0 likes

3
Posts

138
Views
A

Arron Admin Staff
1/30/24, 10:53 AM
MDaemon 23.5.2, which is being released today, includes 2 changes to prevent SMTP smuggling.
- To prevent inbound SMTP smuggling, MDaemon now requires message data to end with <CRLF>.<CRLF>. Previously, it would allow <LF>.<LF>. To disable this, edit \MDaemon\App\MDaemon.ini and set [Special] SMTPRequireCRLFdotCRLF=No.
- To prevent outbound SMTP smuggling, MDaemon by default removes bare <CR> characters from messages. To disable this, edit \MDaemon\App\MDaemon.ini and set [Special] SMTPAllowBareCR=Yes.
--
Arron Caruth

0 likes 0 likes
D

DAVID
1/30/24, 11:11 AM

Terrific! Thanks!

Dave

0 likes 0 likes

Please login to reply to this topic!

Copyright © 1996-2026 MDaemon Technologies, Ltd. All trademarks are property of their respective owners.