Anyone else tested for "Mailsploit" issues?
Question asked by network admin - December 5, 2017 at 1:20 PM
Unanswered
So Wired magazine published an interesting article regarding problems with using RFC 1342 to sneak by DKIM and DMARC rules. The exploit allows the sender to spoof any address. There are over 30 listed clients, including web-based. I did NOT see SmarterMail or SmarterTrack listed, but I was interested in seeing if this has been tested against SM16 yet or not and if there has been any consideration for how to fix this.
 

4 Replies

0
network admin Replied
Oh and FYI there is a way to test it. Here is what happens when it hits my SM16 server. So I guess the question is does this mean SM16 is safe?
 
[2017.12.05] 14:21:10 [54.240.7.33][16500533] rsp: 220 mail.americanlenders.com 54.240.7.33 Tue, 05 Dec 2017 14:21:10 -06:00
[2017.12.05] 14:21:10 [54.240.7.33][16500533] connected at 12/5/2017 2:21:10 PM
[2017.12.05] 14:21:10 [54.240.7.33][16500533] cmd: EHLO a7-33.smtp-out.eu-west-1.amazonses.com
[2017.12.05] 14:21:10 [54.240.7.33][16500533] rsp: 250-mail.americanlenders.com Hello [54.240.7.33]250-SIZE250-AUTH LOGIN CRAM-MD5250-STARTTLS250-VRFY250-8BITMIME250 OK
[2017.12.05] 14:21:10 [54.240.7.33][16500533] cmd: STARTTLS
[2017.12.05] 14:21:10 [54.240.7.33][16500533] rsp: 220 Start TLS negotiation
[2017.12.05] 14:21:11 [54.240.7.33][16500533] cmd: EHLO a7-33.smtp-out.eu-west-1.amazonses.com
[2017.12.05] 14:21:11 [54.240.7.33][16500533] rsp: 250-mail.americanlenders.com Hello [54.240.7.33]250-SIZE250-AUTH LOGIN CRAM-MD5250-VRFY250-8BITMIME250 OK
[2017.12.05] 14:21:11 [54.240.7.33][16500533] cmd: MAIL FROM:<010201602856ddd0-48ebd6ac-b2aa-4ed6-8a1f-1e8f4fa0a86e-000000@eu-west-1.amazonses.com>
[2017.12.05] 14:21:11 [54.240.7.33][16500533] rsp: 250 OK <010201602856ddd0-48ebd6ac-b2aa-4ed6-8a1f-1e8f4fa0a86e-000000@eu-west-1.amazonses.com> Sender ok
[2017.12.05] 14:21:11 [54.240.7.33][16500533] cmd: RCPT TO:<jonathanterry@americanlenders.com>
[2017.12.05] 14:21:11 [54.240.7.33][16500533] rsp: 250 OK <jonathanterry@americanlenders.com> Recipient ok
[2017.12.05] 14:21:11 [54.240.7.33][16500533] cmd: DATA
[2017.12.05] 14:21:11 [54.240.7.33][16500533] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2017.12.05] 14:21:12 [54.240.7.33][16500533] Exception: Object reference not set to an instance of an object.
[2017.12.05] 14:21:12 [54.240.7.33][16500533] data transfer failed. 
[2017.12.05] 14:21:12 [54.240.7.33][16500533] disconnected at 12/5/2017 2:21:12 PM
2
Scarab Replied
I would hope that SmarterMail is properly sanitizing non-ASCII strings after decoding them, but it would certainly be nice to know this for a fact. It would be reassuring to hear from SmarterTools themselves on whether they have addressed the Mailsploit vulnerability for an upcoming patch or have verified that SmarterMail (and SmarterTrack) have been pen-tested for this vulnerability and passed with flying colors. Considering Mailsploit hit every IT rag yesterday and is hitting mainstream media today, inquiring minds certainly want to know.
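An added example, not part of the thread and not SmarterTools code: one way to apply the "sanitize after decoding" check discussed above to a From header. It decodes RFC 1342/2047 encoded-words, flags any encoded-word inside the address itself (RFC 2047 does not allow them in an addr-spec), and flags control characters in the decoded text. The function names and both header values are constructed for illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header
from email.utils import parseaddr

ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def decode_from(raw):
    """Decode RFC 1342/2047 encoded-words in a raw From header value."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label in the encoded-word
                chunk = chunk.decode("ascii", errors="replace")
        out.append(chunk)
    return "".join(out)

def audit_from(raw):
    """Return a list of findings for one From value (empty list means clean)."""
    findings = []
    _, addr = parseaddr(raw)
    # Encoded-words belong in the display name, never in the address.
    if ENCODED_WORD.search(addr):
        findings.append("encoded-word inside address")
    try:
        decoded = decode_from(raw)
    except HeaderParseError:
        return findings + ["undecodable encoded-word"]
    # NUL, CR, LF and similar must not survive into the displayed sender.
    if CONTROL_CHARS.search(decoded):
        findings.append("control character after decoding")
    return findings

def sanitize_for_display(raw):
    """Decoded header with control characters replaced, for display or logs."""
    return CONTROL_CHARS.sub("\ufffd", decode_from(raw))

# Constructed sample values (not taken from the thread or its logs).
SAMPLES = [
    "=?utf-8?Q?Alice_M=C3=BCller?= <alice@example.com>",
    "=?utf-8?Q?admin=40corp.example=00?=@mail.example.net",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit_from(s) or "clean", "|", repr(sanitize_for_display(s)))
```
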
0
Matt Petty Replied
Employee Post
Right now all but one test fail to even deliver the mail due to some null reference errors. The one test that does go through gets smacked down by DKIM.
We will be working on why it's having delivery issues, then retesting it.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scarab Replied
Thanks for the update, Matt. It is greatly appreciated and definitely good to hear that SmarterTools has been following Best Practices with sanitizing non-ASCII properly!

The Null reference errors in delivery I've noticed with email with a From: <> in the latest v16 release, so it's not too much of a surprise that it is happening with Mailsploit messages too. We don't get too many emails a day with Null senders, so it's really been a minor issue clearing them out of the Spool manually.
