Back to Community Threads
4
Anyone else tested for "Mailsploit" issues?
Question asked by network admin - 12/5/2017 at 1:20 PM
Unanswered
So Wired magazine published an interesting article regarding problems with using RFC 1342 to sneak by DKIM and DMARC rules. The exploit allows the sender to spoof any address.  There are over 30 listed clients including web based.  I did NOT see SmarterMail or SmarterTrack listed but I was interested in seeing if this has been tested against SM16 yet or not and if there has been any consideration for how to fix this.
 

4 Replies

Reply to Thread
0
network admin Replied
12/5/2017 at 1:25 PM
Oh and FYI there is a way to test it.   Here is what happens when it hits my SM16 server. So I guess the question is does this mean SM16 is safe?
 
[2017.12.05] 14:21:10 [54.240.7.33][16500533] rsp: 220 mail.americanlenders.com 54.240.7.33 Tue, 05 Dec 2017 14:21:10 -06:00
[2017.12.05] 14:21:10 [54.240.7.33][16500533] connected at 12/5/2017 2:21:10 PM
[2017.12.05] 14:21:10 [54.240.7.33][16500533] cmd: EHLO a7-33.smtp-out.eu-west-1.amazonses.com
[2017.12.05] 14:21:10 [54.240.7.33][16500533] rsp: 250-mail.americanlenders.com Hello [54.240.7.33]250-SIZE250-AUTH LOGIN CRAM-MD5250-STARTTLS250-VRFY250-8BITMIME250 OK
[2017.12.05] 14:21:10 [54.240.7.33][16500533] cmd: STARTTLS
[2017.12.05] 14:21:10 [54.240.7.33][16500533] rsp: 220 Start TLS negotiation
[2017.12.05] 14:21:11 [54.240.7.33][16500533] cmd: EHLO a7-33.smtp-out.eu-west-1.amazonses.com
[2017.12.05] 14:21:11 [54.240.7.33][16500533] rsp: 250-mail.americanlenders.com Hello [54.240.7.33]250-SIZE250-AUTH LOGIN CRAM-MD5250-VRFY250-8BITMIME250 OK
[2017.12.05] 14:21:11 [54.240.7.33][16500533] cmd: MAIL FROM:<010201602856ddd0-48ebd6ac-b2aa-4ed6-8a1f-1e8f4fa0a86e-000000@eu-west-1.amazonses.com>
[2017.12.05] 14:21:11 [54.240.7.33][16500533] rsp: 250 OK <010201602856ddd0-48ebd6ac-b2aa-4ed6-8a1f-1e8f4fa0a86e-000000@eu-west-1.amazonses.com> Sender ok
[2017.12.05] 14:21:11 [54.240.7.33][16500533] cmd: RCPT TO:<jonathanterry@americanlenders.com>
[2017.12.05] 14:21:11 [54.240.7.33][16500533] rsp: 250 OK <jonathanterry@americanlenders.com> Recipient ok
[2017.12.05] 14:21:11 [54.240.7.33][16500533] cmd: DATA
[2017.12.05] 14:21:11 [54.240.7.33][16500533] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2017.12.05] 14:21:12 [54.240.7.33][16500533] Exception: Object reference not set to an instance of an object.
[2017.12.05] 14:21:12 [54.240.7.33][16500533] data transfer failed. 
[2017.12.05] 14:21:12 [54.240.7.33][16500533] disconnected at 12/5/2017 2:21:12 PM
2
Scarab Replied
12/6/2017 at 12:31 PM
I would hope that SmarterMail is properly sanitizing non-ASCII strings after decoding them but it would certainly be nice to know this for a fact. It would be reassuring to hear from SmarterTools themselves on whether they have addressed the Mailsploit vulnerability for an upcoming patch or have verified that SmarterMail (and SmarterTrack) have been pen-tested for this vulnerability and passed with flying colors. Considering Mailsploit has hit every IT rag yesterday and is hitting mainstream media today inquiring minds certainly want to know.
0
Matt Petty Replied
12/7/2017 at 7:40 AM
Employee Post
Right now all but one test fail to even deliver the mail due to some null reference errors. The one test that does go through gets smacked down by DKIM.
We will be working on why it's having delivery issues, then retesting it.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Scarab Replied
12/7/2017 at 10:36 AM
Thanks for the update Matt. It is greatly appreciated and definitely good to hear that SmarterTools has been following Best Practices with sanitizing non-ASCII properly!

The Null reference errors in delivery I've noticed with email with a From: <> in the latest v16 release so that's not too much of a surprise that it is happening with Mailsploit messages too. We don't get too many emails a day with Null senders so it's really been a minor issue clearing them out of the Spool manually.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Messages from Trusted Senders are going to my Junk folderSmarterMail > Troubleshooting
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Slow 250 response after Mail From command is issued during an SMTP session.SmarterMail > Troubleshooting
Cannot Send Email MessagesSmarterMail > Troubleshooting
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration