You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After reading about the current SMTP Smuggling issue, I was very curious, if qpsmtpd is also vulnerable.
So I tried to exploit this issue using smtpsmug.
Result: qpsmtpd correctly handled all my exploit probes and returns 421 See http://smtpd.develooper.com/barelf.html or 451 Incomplete DATA.
However there is one case that may have room for improvement: qpsmtpd currently also accepts \n.\r\n as end-of-data command, instead of \r\n.\r\n as specified in the RFC.
After reading about the current SMTP Smuggling issue, I was very curious, if
qpsmtpdis also vulnerable.So I tried to exploit this issue using
smtpsmug.Result:
qpsmtpdcorrectly handled all my exploit probes and returns421 See http://smtpd.develooper.com/barelf.htmlor451 Incomplete DATA.However there is one case that may have room for improvement:
qpsmtpdcurrently also accepts\n.\r\nas end-of-data command, instead of\r\n.\r\nas specified in the RFC.References:
The text was updated successfully, but these errors were encountered: