Groups
Sign in
Groups
list.postfix.users
Conversations
About
Send feedback
Help
info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Learn more
Reject mails with multiple From headers
12 views
Skip to first unread message
Michel Le Bihan
unread,
Oct 17, 2020, 2:51:32 PM
10/17/20
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
Hello,
I found out about a new vulnerability where if several from headers are present in a message, the header that is displayed in the client can be different from the one that is validated.
4a in
https://i.blackhat.com/USA-20/Thursday/us-20-Chen-You-Have-No-Idea-Who-Sent-That-Email-18-Attacks-On-Email-Sender-Authentication.pdf
5.1 in
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
Such messages seem non compliant with RFC 5322 3.6.2 (
https://tools.ietf.org/html/rfc5322#section-3.6.2
) that says only about one from field ("The from field")
Is it possible to configure Postfix to reject mails with multiple From headers?
0 new messages