oss-sec mailing list archives
Re: spoofing of local email sender via a homoglyph attack
From: Claus Assmann <ml+oss () esmtp org>
Date: Thu, 23 Apr 2020 17:58:06 +0200
On Thu, Apr 23, 2020, PromiseLabs Pentest Research wrote:
> It's related to the from header.

> 220 *** OMITTED *** ESMTP Postfix
> mail from: john.doe () server com
> 250 2.1.0 Ok

1. The correct syntax is
   MAIL From:<john.doe () server com>
   See RFC 5321 et al.: no spaces, and <> around the address.

2. That's the envelope sender, not "the from header"
   You can probably use
   From: john.doe () server com
   in the header even without authentication
   (I haven't tried it; I do not have postfix installed).
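The two points in the reply above, as an added example that is not part of the original message and is not Postfix code: a strict check of the MAIL command syntax, and a comparison of the envelope sender with the From: header of the message body. The addresses, the sample message and all function names are constructed for illustration, and the pattern is a simplification of the RFC 5321 grammar.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Strict shape of the MAIL command: "MAIL FROM:<reverse-path>", verb matched
# case-insensitively, no space after the colon, address inside angle brackets.
# Simplification (assumption): quoted local parts and source routes are ignored.
MAIL_RE = re.compile(r"^MAIL FROM:<([^<>\s]*)>( .*)?$", re.IGNORECASE)

def parse_mail_from(line):
    """Return the envelope sender of a MAIL command, or None if malformed."""
    m = MAIL_RE.match(line.rstrip("\r\n"))
    return m.group(1) if m else None

def header_from(raw_message):
    """Return the address in the From: header (what a mail client displays)."""
    msg = message_from_string(raw_message)
    return parseaddr(msg.get("From", ""))[1]

def domain(addr):
    return addr.rpartition("@")[2].lower()

def compare_senders(mail_cmd, raw_message):
    """Report envelope sender, header sender, and whether their domains match."""
    env = parse_mail_from(mail_cmd)
    hdr = header_from(raw_message)
    return {
        "envelope": env,
        "header": hdr,
        "syntax_ok": env is not None,
        "aligned": env is not None and domain(env) == domain(hdr),
    }

# Constructed sample message; example.com / example.net are placeholders.
SAMPLE_MSG = (
    "From: John Doe <john.doe@example.com>\n"
    "To: alice@example.com\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for cmd in ("MAIL FROM:<bounce@example.net>",      # valid, differs from header
                "mail from: john.doe@example.com",     # space, no angle brackets
                "MAIL From:<john.doe@example.com>"):   # valid, matches header
        print(cmd, "->", compare_senders(cmd, SAMPLE_MSG))
```

The envelope sender and the From: header are independent values, so a filter that validates only one of them says nothing about the other.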