Contents

  1. whois
  2. history
https://github.com/hannob/smtpsmug

1. whois

smtpsmug allows sending mails to an SMTP server and ending them with various malformed end-of-data symbols. This tests whether servers are affected by SMTP Smuggling vulnerabilities. Please consider this preliminary and work in progress; I am still trying to fully understand the issue myself.

By default, smtpsmug will send a test mail ending with a '\n.\n' symbol (Unix newlines instead of Windows '\r\n' newlines). It supports multiple other malformed endings. Use --list-tests to show them, --test [testname] to select one.

To test the Postfix mitigation, there is now a pipelining test. (May be unstable.)
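A defender-side check for the malformed endings described above, as an added example (not code from smtpsmug): it scans a captured DATA stream for lone-dot lines that are not the strict '\r\n.\r\n' terminator and reports where a strict and a lenient parser would each end the message. It generalizes beyond the default '\n.\n' case to any mix of CR and LF; the function names and the sample bytes are constructed for illustration.

```python
import re

# Strict end-of-data sequence per RFC 5321: CRLF "." CRLF
STRICT_EOD = b"\r\n.\r\n"

# A lone "." with any of CRLF, bare CR or bare LF on each side.
DOT_LINE = re.compile(rb"(\r\n|\r|\n)\.(\r\n|\r|\n)")


def find_ambiguous_eod(data: bytes):
    """Return (offset, sequence) for every lone-dot line in a DATA stream
    that is NOT the strict CRLF.CRLF terminator. A lenient server may end
    the message there while a strict one treats it as body text."""
    hits = []
    pos = 0
    while (m := DOT_LINE.search(data, pos)):
        if m.group(0) != STRICT_EOD:
            hits.append((m.start(), m.group(0)))
        # Resume at the trailing line break: it may open the next dot line.
        pos = m.start(2)
    return hits


def end_of_message(data: bytes, strict: bool = True) -> int:
    """Offset at which a parser stops reading the body, or -1 if none.
    strict=True accepts only CRLF.CRLF; strict=False models a parser
    that accepts any lone-dot line."""
    if strict:
        return data.find(STRICT_EOD)
    m = DOT_LINE.search(data)
    return m.start() if m else -1


# Constructed sample: Unix newlines around the first dot, CRLF around the last.
SAMPLE = b"Subject: test\r\n\r\nfirst part\n.\nsecond part\r\n.\r\n"

if __name__ == "__main__":
    for offset, seq in find_ambiguous_eod(SAMPLE):
        print(f"non-standard end-of-data {seq!r} at byte {offset}")
    print("strict parser ends body at ", end_of_message(SAMPLE, strict=True))
    print("lenient parser ends body at", end_of_message(SAMPLE, strict=False))
```

When the two offsets differ, the sending and receiving sides can disagree about where the message ends, which is the condition smtpsmug probes for.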

There are multiple behaviors of mail servers that enable the vulnerability:

2. history



MoinQ: SMTP/Smuggling/smtpsmug (last edited 2023-12-27 10:47:19 by ToshinoriMaeno)