Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description SMTP protocol (refer RFC 5321 and 5322), is an Internet based protocol for e-mail transmission and exchange. The SMTP protocol is used by multiple servers to relay emails as the email is exchanged between a sender and a recipient. This handover of emails allows for a complex number of next-hop servers to interact and exchange emails before its delivery to the intended recipient. A priority based Mail eXchange (MX) record also allows for emails to delivered to alternate servers or partner gateways to spool and deliver in cases of outages. In order prevent fraudulent emails, email software and services authenticate a user and employ security policies such DMARC, essentially a combination of SPF and DKIM, to certify an email's origination as it traverse these various services. Security researcher Timo Longin at SEC Consult discovered that the email software deployed across numerous SMTP servers treats the end-of-data sequence inconsistently. An attacker can exploit this inconsistency by crafting an email message that deviates from the standard end-of-data sequence, causing confusion as the message is transferred to its next hop. Any email server within the route of SMTP Gateways…Read More