handmade.social

0 posts0 participants0 posts today

Peter N. M. HansteenI thought I had seen it all when it comes to mail delivery and security issues. But this morning I was introduced to the fact that there are Exchange admins who will implement a rule that all incoming mail from outside their own organization should be flagged as potentially dangerous and presented to the user with the option to block sender and no option to mark the message or the sender as valid.Yes, that for every single message.<a href="https://mastodon.social/tags/exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#exchange</a> <a href="https://mastodon.social/tags/smtp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smtp</a> <a href="https://mastodon.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#email</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

Kevin Karhan :verified:<a href="https://mastodon.ie/@Ciela" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Ciela</a> <a href="https://spookygirl.boo/@thelusciouslibra" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@thelusciouslibra</a> I can recommend <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> tho you should never ever rely on any <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eMail</a> hoster, but use <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a> which is easier than ever thanks to <a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@thunderbird</a> on <a href="https://infosec.space/tags/Desktop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Desktop</a> and <a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a>!Also <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#monocles</a> does have a cool <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eMail</a> client and don't demand extra for <a href="https://infosec.space/tags/IMAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IMAP</a> & <a href="https://infosec.space/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a> as well as offering <a href="https://infosec.space/tags/PayPal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PayPal</a>, <a href="https://infosec.space/tags/Stripe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Stripe</a>, <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SEPA</a> <a href="https://infosec.space/tags/WireTransfer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WireTransfer</a>, <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CashByMail</a> and <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Monero</a> for payment, and they cost as little as €2 p.m.

Florian HaasRecent Thunderbird releases have added a "Redirect" option to the message forwarding context menu. However, using this feature doesn't set any of the Resent-* headers defined in RFC 5322 sec. 3.6.6, so functionally this is no different from a normal email forward.Clearly I'm misunderstanding what the feature is meant to do. Anyone clued in enough to be able to fill me in?<a href="https://datatracker.ietf.org/doc/html/rfc5322#section-3.6.6" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://datatracker.ietf.org/doc/html/rfc5322#section-3.6.6</a><a href="https://mastodon.social/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Thunderbird</a> <a href="https://mastodon.social/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Email</a> <a href="https://mastodon.social/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a> <a href="https://mastodon.social/tags/RFC5322" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RFC5322</a>

Patryk KrawaczyńskiSMTP Smuggling Attack ( <a href="https://nfsec.pl/ai/6561" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://nfsec.pl/ai/6561</a> ) <a href="https://infosec.exchange/tags/smtp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smtp</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://infosec.exchange/tags/servers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#servers</a> <a href="https://infosec.exchange/tags/twittermigration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#twittermigration</a> <a href="https://www.youtube.com/watch?v=P1Jjz-1EskY" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.youtube.com/watch?v=P1Jjz-1EskY</a>

StahlbrandtIf your domain is bsky.app and you are using amazon <a href="https://infosec.exchange/tags/aws" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#aws</a> for your <a href="https://infosec.exchange/tags/mail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mail</a> services and your mail server is spam listed when required for such high priority activities as account <a href="https://infosec.exchange/tags/verification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#verification</a>, you have an issue, and a <a href="https://infosec.exchange/tags/systemdesign" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#systemdesign</a> <a href="https://infosec.exchange/tags/flaw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#flaw</a>. Even more so if the said server was spam listed for 6 times in the last three months. <a href="https://infosec.exchange/tags/bluesky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bluesky</a> <a href="https://infosec.exchange/tags/fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fail</a> <a href="https://infosec.exchange/tags/esmtp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#esmtp</a> <a href="https://infosec.exchange/tags/smtp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smtp</a> <a href="https://infosec.exchange/tags/spamcop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spamcop</a> <a href="https://infosec.exchange/tags/blacklist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blacklist</a>

David BissetFor <a href="https://phpc.social/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#developers</a>:MailCatcher runs a super simple <a href="https://phpc.social/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a> server - run this and set your favourite app to deliver to smtp://127.0.0.1:1025 instead of your default SMTP server, then check out in browser http://127.0.0.1:1080 to see the mail that's arrived so far.<a href="https://mailcatcher.me/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mailcatcher.me/</a> <a href="https://phpc.social/tags/webdev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webdev</a>

Jonathan Kamens<a href="https://federate.social/tags/TFW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TFW</a> you don't receive the email from <a href="https://federate.social/tags/CVS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVS</a> with the record of your recent vaccination, and when you dig into why, it turns out it's because the <a href="https://federate.social/tags/Salesforce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Salesforce</a> mail server sending the emails doesn't have a DNS record for its host name so your mail server, like many other properly configured mail servers all over the internet, rejects its emails as spam. Why are people so bad at their jobs? <a href="https://federate.social/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a> <a href="https://federate.social/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SysAdmin</a>

C.<a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@GossiTheDog</a> The update results in <a href="https://mindly.social/tags/Exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Exchange</a> <a href="https://mindly.social/tags/crashing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#crashing</a> and being unable to deliver <a href="https://mindly.social/tags/mail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mail</a> reliably.<a href="https://mindly.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> is currently working on a method for <a href="https://mindly.social/tags/sysadmins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sysadmins</a> to determine if the update is affecting their servers in this way, of if it's just normal Exchange operation.<a href="https://mindly.social/tags/MSExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MSExchange</a> <a href="https://mindly.social/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a> <a href="https://mindly.social/tags/bug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bug</a> <a href="https://mindly.social/tags/commentary" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#commentary</a>

Harald Hannelius :verified:A partner higher ed has a mailing list on <a href="https://mementomori.social/tags/ExchangeOnline" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ExchangeOnline</a> . So their <a href="https://mementomori.social/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a> server contacts ours and says "Hello, here's an e-mail from your domain". Our <a href="https://mementomori.social/tags/SPF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SPF</a> says no thanks (are we actually the only ones blocking based on SPF?). The listserver should rewrite headers and use a return-path address from their domain. The From: header can have our user's emailaddress (think this breaks DKIM though?). Good luck for our partner in fixing this on their end. They probably have to set up a <a href="https://mementomori.social/tags/MTA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MTA</a> and route all outgoing mail through that. Ms won't fix.

Lukas BeranInbound SMTP DANE with DNSSEC for Exchange Online is generally available!It can be configured via PowerShell and since December, it should be available also from Exchange admin center.New accepted domains will start using the mx.microsoft domain instead of the mail.protection.outlook.com domain.Some consumer Outlook domains have been already migrated, the remaining Outlook and Hotmail domains for consumer email is expected to be completed by the end of 2024.<a href="https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292</a><a href="https://infosec.exchange/tags/smtp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smtp</a> <a href="https://infosec.exchange/tags/dane" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dane</a> <a href="https://infosec.exchange/tags/office365" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#office365</a> <a href="https://infosec.exchange/tags/exchangeonline" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#exchangeonline</a>

Kevin Karhan :verified:<a href="https://freiburg.social/@ditol" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ditol</a> <a href="https://mastodon.world/@samueljohn" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@samueljohn</a> <a href="https://23.social/@linuzifer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@linuzifer</a> THIS is where I disagree...You may think it's elitist, but if people are too lazy to learn even fundamentals like how to use <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tails</a> then maybe they should just not do <a href="https://infosec.space/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> at all?<ul><li>Like: We expect people to show at the every least theoretical proficiency in terms of <a href="https://infosec.space/tags/TrafficCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TrafficCode</a> and <a href="https://infosec.space/tags/VehicleSafety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VehicleSafety</a> in +every juristiction I'm aware of* and literally mandated <a href="https://infosec.space/tags/DrivingLicense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DrivingLicense</a>|s for that reason.</li></ul>I'll gladly teach <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechIlliterates</a> but I won't waste my time on <a href="https://infosec.space/@kkarhan/113344834546549105" rel="nofollow noopener noreferrer" target="_blank">people that spread disinfo</a>...It's 2024: <a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tails_live</a> / <a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tails</a> has been out for over a decade and there are a shitload of guides ranging from written documentation to Zoomer-friendly TikTok-Style shorts on how to get started.<ul><li>I don't expect people to do <a href="https://infosec.space/tags/airgapped" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#airgapped</a> <a href="https://www.youtube.com/watch?v=vdab4T_CoN8" rel="nofollow noopener noreferrer" target="_blank">pffline-PGP</a> but with <a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@thunderbird</a> including <a href="https://infosec.space/tags/Enigmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Enigmail</a> and not requiring any external dependencies like the god-awful <a href="https://infosec.space/tags/GPG4Win" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GPG4Win</a> stuff's easier than ever.</li><li>Same with <a href="https://infosec.space/tags/mobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mobile</a>: <a href="https://infosec.space/tags/Appls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Appls</a> like <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#monoclesChat</a> are so easy, I've been able to onboard literal tech-illiterates remotely with few steps and <a href="https://docs.monocles.eu/apps/chat.app/" rel="nofollow noopener noreferrer" target="_blank">simple instructions</a>. </li></ul>FOR THE LAST TIME: *STOP MAKING EXCUSES TO JUSTIFY ESCALATING COMMITMENT TO EVIDENTLY BAD SOLUTIONS!"<ul><li>Cuz <a href="https://web.archive.org/web/20240000000000*/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">when push comes to shove</a> <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Mer__edith</a> herself would introduce a <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Govware</a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#backdoor</a> into <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> when faced with indefinite jailtime...</li></ul>Whereas with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfCustody</a> of all the keys as well as <a href="https://infosec.space/tags/ReproduceableBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproduceableBuilds</a> and real <a href="https://infosec.space/tags/decentralization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#decentralization</a>, this would be evidently impossible even if all the devs wanted to comply honestly and not just because they could be held at gunpoint.<ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> is not your friend. It's merely a tax-exempt "non-profit" corporation, and corporations are explicitly nobodys friend - espechally when they demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> like <a href="https://infosec.space/@kkarhan/111968251463697943" rel="nofollow noopener noreferrer" target="_blank">phone numbers</a> for useage.</li></ul>Compare that to <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#monocles</a> where you do pay like €2 p.m. but in return get <a href="https://infosec.space/tags/standard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#standard</a> <a href="https://infosec.space/tags/protocols" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#protocols</a> like <a href="https://infosec.space/tags/IMAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IMAP</a>, <a href="https://infosec.space/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a> & <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a> and <a href="https://monocles.eu/more/#payment-section" rel="nofollow noopener noreferrer" target="_blank">can pay anonymously</a> and not have to provide any PII whatsoever!<ul><li>And unlike <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> they ain't dependent on <a href="https://infosec.space/tags/VC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VC</a> funding and <a href="https://infosec.space/tags/grant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#grant</a> money to keep the lights on.</li></ul>Make of that what you will, but just like allowing flatearthers to roam freely without caretaker supervision doesn't make the world less round, so won't the facts change about <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITsec</a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpSec</a> & <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComSec</a>. <ul><li>The only reason Signal is still online and not <a href="https://infosec.space/tags/pwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pwned</a> like <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EncroChat</a> is because it's either a Sting op like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ANØM</a> aka. <a href="https://infosec.space/tags/OperationIronside" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OperationIronside</a> aka. <a href="https://infosec.space/tags/OperationTr%C3%B8janShield" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OperationTrøjanShield</a> or they have already backdoored their <a href="https://infosec.space/tags/backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#backend</a> so hard that all their <a href="https://infosec.space/tags/marketing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#marketing</a> is just <a href="https://infosec.space/tags/lies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lies</a> like <a href="https://infosec.space/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a>... </li></ul>Because all <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleProvider</a> solutions are bad, and if they don't even allow for <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfCustody</a> then they are just a <a href="https://infosec.space/tags/grift" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#grift</a> to <a href="https://infosec.space/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> tech-illiterates that don't know and/or don't care! <a href="https://infosec.space/tags/thxbye" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#thxbye</a> <a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EOD</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬Critical <a href="https://hachyderm.io/tags/Zimbra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Zimbra</a> <a href="https://hachyderm.io/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RCE</a> flaw exploited to backdoor servers using <a href="https://hachyderm.io/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#email</a> The Zimbra remote code execution flaw is tracked as CVE-2024-45519 and exists in Zimbra's postjournal service, which is used to parse incoming emails over <a href="https://hachyderm.io/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a>. Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. <a href="https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/</a>

David Cantrell 🏏The approximately four generations deprecated VM that handles my email is finally being killed off by my ISP, and I can't really say that I blame them. I have about a month to find a new email provider for <a href="https://fosstodon.org/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a> and <a href="https://fosstodon.org/tags/IMAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IMAP</a>. No, I'm not going to host it myself again. Suggestions? So far <a href="https://fosstodon.org/tags/Fastmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fastmail</a> looks like it's not complete and utter dogshit although obviously it will never be as capable as my tangled mess of custom <a href="https://fosstodon.org/tags/exim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#exim</a> and <a href="https://fosstodon.org/tags/procmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#procmail</a>.

Lukas BeranInbound SMTP DANE (DNS-Based Authentication of Named Entities) is a security protocol designed to secure email communication by ensuring the authenticity of the receiving mail server’s encryption certificates when emails are delivered via the Simple Mail Transfer Protocol (SMTP).By default, SMTP doesn’t guarantee encryption, which makes it vulnerable to man-in-the-middle attacks. To secure email communication, SMTP can use STARTTLS, which upgrades a plain text connection to an encrypted one. However, STARTTLS by itself doesn’t verify the authenticity of the receiving mail server’s certificate, leaving it vulnerable to attacks where a malicious entity might impersonate the server.DANE addresses this issue by enabling domain owners to publish their mail server’s encryption certificates in DNS records, which are protected by DNSSEC (Domain Name System Security Extensions). This allows sending mail servers to verify the authenticity of the receiving mail server’s certificate before establishing an encrypted connection.When an email is received, the receiving mail server uses DANE to publish its certificate in the DNS, allowing the sending server to check the certificate’s validity before establishing a secure TLS connection. This ensures that emails are delivered over an encrypted connection and that the encryption certificate is trustworthy and has not been tampered with.<a href="https://www.cswrld.com/2024/09/how-to-turn-on-inbound-smtp-dane-in-office-365/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.cswrld.com/2024/09/how-to-turn-on-inbound-smtp-dane-in-office-365/</a><a href="https://infosec.exchange/tags/smtp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smtp</a> <a href="https://infosec.exchange/tags/dane" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dane</a> <a href="https://infosec.exchange/tags/inbound" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#inbound</a> <a href="https://infosec.exchange/tags/office365" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#office365</a> <a href="https://infosec.exchange/tags/exchangeonline" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#exchangeonline</a> <a href="https://infosec.exchange/tags/dnssec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dnssec</a> <a href="https://infosec.exchange/tags/cswrld" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cswrld</a>

Gregory Shapiro :donor:Greetings, time for my <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#introduction</a>!I’m a security and infrastructure technologist who lives in the Northern California Bay Area and works at <a href="https://infosec.exchange/tags/Proofpoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Proofpoint</a>. Outside of work, I assist in maintaining open source <a href="https://infosec.exchange/tags/sendmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sendmail</a> and am a <a href="https://infosec.exchange/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeBSD</a> committer. For my fellow geeks, my favorite protocols are <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a>, <a href="https://infosec.exchange/tags/SMTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMTP</a>, and <a href="https://infosec.exchange/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a>.When I'm not buried in my laptop, I like to travel and hang out with my partner and our two dogs.

Recent searches

Search options

Administered by:

Server stats:

#smtp