Full read: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
In short, the end-of-data command in SMTP is specified as a dot surrounded by carriage return and line feed: <CR><LF>.<CR><LF>. However, the Cisco Secure Email Ga...
The only setting which is vulnerable to the SMTP smuggling attack is "Clean messages of bare CR and LF characters", which is the default setting. With this setting, the Cisco Secure Email (Cloud) Gateway will "repair" broken line endings with C...
I wonder why anyone would name their server spamrelay.
Did you try the tlsverify command?
You can start a packet capture to the IP addresses of the MX servers of the domain of the recipient and then send another test message. The capture will show yo...
You can test with tlsverify from the command line.
To record all exchanged SMTP messages in full detail, Log subscriptions > Add log subscription > Type: Domain Debug Logs can be used: https://www.cisco.com/c/en/us/support/docs/security/email-securit...
This was a global outage of all Cisco Secure Email Gateways which have graymail scanning enabled since 2023-09-29 07:00 UTC. Probably caused by a malformed update of the engine; Cisco is working on the problem. See also https://urgentnotices.statuspag...
We created a TAC case for this. The answer is that this bug is currently fixed in versions that include the filter "Duplicate MIME boundaries". This includes 10.0.1.
However, the possibility to circumvent attachment-based filters is NOT automatically ...