Subject: SMTP smuggling with NUL char - m4 option to reject them
From: Marco Moock
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Sat, 4 May 2024 13:00 UTC

Hello!

There has been discussion about SMTP smuggling via NUL characters.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070190

It seems that sendmail includes an FFR option to reject such mails, but
no m4 option yet.

Is such a thing planned in the near future?

--
kind regards
Marco

Subject: Re: SMTP smuggling with NUL char - m4 option to reject them
From: Claus Aßmann
Newsgroups: comp.mail.sendmail
Organization: MGT Consulting
Date: Sat, 4 May 2024 16:25 UTC
References: 1

Marco Moock wrote:

> It seems that sendmail includes an FFR option to reject such mails, but
> no m4 option yet.

What's the problem?

LOCAL_CONFIG
O RejectNUL=true

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Subject: Re: SMTP smuggling with NUL char - m4 option to reject them
From: Stacey Marshall
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Fri, 17 May 2024 10:19 UTC
References: 1 2

On 04/05/2024 17:25, Claus Aßmann wrote:
> What's the problem?
>
> LOCAL_CONFIG
> O RejectNUL=true
>
>

Being relatively new to sendmail configuration myself, that had escaped
me too. cf/README does mention it, but it looks so different to most of
the other settings in sendmail.mc. Embarrassingly, I see now that
there was already a similar example in sendmail.mc, only for
LOCAL_NET_CONFIG. livin' and learnin':

# diff -u sendmail.mc test.mc
--- sendmail.mc 2023-10-17 03:29:33.826913320 -0700
+++ test.mc 2024-05-17 03:12:22.832629965 -0700
@@ -26,5 +26,8 @@
MAILER(`local')dnl
MAILER(`smtp')dnl

+LOCAL_CONFIG
+O RejectNUL=true
+ LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3
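
Review bot: the added "O RejectNUL=true" line under LOCAL_CONFIG is a raw cf option, and nothing in test.mc records why it is there or that, as noted in this thread, it depends on an FFR compile-time feature. A dnl comment directly above LOCAL_CONFIG stating both would keep a later rebuild against a binary compiled without that feature from being assumed to reject NUL bytes. The hunk header counts three added lines, so also confirm that the separator line before LOCAL_NET_CONFIG is still present in the file.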

Subject: Re: SMTP smuggling with NUL char - m4 option to reject them
From: Marco Moock
Newsgroups: comp.mail.sendmail
Organization: A noiseless patient Spider
Date: Fri, 17 May 2024 12:23 UTC
References: 1 2 3

On 17.05.2024 at 11:19 Stacey Marshall wrote:

> cf/README does mention it, but it looks so different to most of
> the other settings in sendmail.mc.

The .mc file is being processed by the macro processor m4.
To make configuration easy, most mc config lines are m4 commands.

The real configuration then resides in the .cf files and doesn't use m4
commands, so looks different. :-)
The m4 command will result in the cf configuration lines after
processing.

For rejecting the NUL char, no m4 config exists in the current version.
That's why I asked because it is also an FFR compile time option that
might change, be removed or is simply not intended to be used in
productive systems.

--
kind regards
Marco
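
Added example, not part of any post in this thread: since the raw "O RejectNUL=true" line only takes effect once m4 has regenerated the .cf from the .mc, this script compares the two files and flags a stale .cf. The function names, the sample files, the boolean parsing rule and the "last O line wins" rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that RejectNUL set in the .mc
# actually reached the generated .cf. File contents below are constructed.

# option_state FILE -> prints enabled | disabled | absent
# Assumption: a later O line overrides an earlier one.
option_state() {
    awk '
        /^O[ \t]+[A-Za-z]/ {              # option line, "O" in column one
            rest = $0; sub(/^O[ \t]+/, "", rest)
            n = index(rest, "=")
            name = (n ? substr(rest, 1, n - 1) : rest)
            val = (n ? substr(rest, n + 1) : "")
            gsub(/[ \t]/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Assumption: empty, or starting with t/T/y/Y, counts as true.
            if (tolower(name) == "rejectnul")
                state = ((val == "" || val ~ /^[tTyY]/) ? "enabled" : "disabled")
        }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# check_mc_cf MC CF -> prints a verdict; returns 0 only if both say enabled.
# The raw O line passes through m4 unchanged, so one parser serves both files.
check_mc_cf() {
    mc=$(option_state "$1"); cf=$(option_state "$2")
    if [ "$mc" = enabled ] && [ "$cf" = enabled ]; then
        echo "ok: RejectNUL enabled in mc and cf"; return 0
    elif [ "$mc" != "$cf" ]; then
        echo "stale: mc=$mc cf=$cf (regenerate the cf from the mc)"; return 1
    fi
    echo "not enabled: mc=$mc cf=$cf"; return 1
}

# Constructed sample: the .mc was edited but the .cf was never rebuilt.
demo=$(mktemp -d)
cat > "$demo/test.mc" <<'EOF'
MAILER(`smtp')dnl
LOCAL_CONFIG
O RejectNUL=true
EOF
cat > "$demo/old.cf" <<'EOF'
# generated before the edit
O SevenBitInput=False
EOF
check_mc_cf "$demo/test.mc" "$demo/old.cf" || true
rm -rf "$demo"
```

This only inspects the configuration files; whether the installed binary was compiled with the FFR that implements RejectNUL has to be checked separately.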
