Defense against SMTP Smuggling? | MDaemon Technologies, Ltd.

Defense against SMTP Smuggling?

D

DAVID
1/30/24, 10:44 AM

Does MDaemon have, or are you working to provide, defenses against SMTP Smuggling, as referred to in this blog post by KnowBe4 which references info published by Timo Longin of SEC Consult?

https://blog.knowbe4.com/smtp-smuggling-email-security-impersonation

https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

Thanks,

Dave

0 likes 0 likes

3
Posts

74
Views
A

Arron Staff
1/30/24, 10:53 AM
MDaemon 23.5.2, which is being released today, includes 2 changes to prevent SMTP smuggling.
- To prevent inbound SMTP smuggling, MDaemon now requires message data to end with <CRLF>.<CRLF>. Previously, it would allow <LF>.<LF>. To disable this, edit \MDaemon\App\MDaemon.ini and set [Special] SMTPRequireCRLFdotCRLF=No.
- To prevent outbound SMTP smuggling, MDaemon by default removes bare <CR> characters from messages. To disable this, edit \MDaemon\App\MDaemon.ini and set [Special] SMTPAllowBareCR=Yes.
--
Arron Caruth

0 likes 0 likes
D

DAVID
1/30/24, 11:11 AM

Terrific! Thanks!

Dave

0 likes 0 likes

Please login to reply this topic!

Copyright © 1996-2024 MDaemon Technologies, Ltd. All trademarks are property of their respective owners.