FortiMail - SMTP Smuggling

Summary

Fortinet is aware of the new SMTP smuggling technique.


By exploiting interpretation differences of the SMTP protocol for the end of data sequence, it is possible to send spoofed e-mails, while still passing SPF alignment checks.
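
As an added illustration (not Fortinet's code, and not how FortiMail implements its own checks), the following Python check is the kind an inbound MTA or mail filter can apply to a raw DATA stream: it flags any "."-only line that is not delimited by CRLF on both sides, which is the interpretation difference the technique relies on, and separately flags bare CR or LF characters. The sample messages are constructed for the example.

```python
import re

# Every line consisting of a single "." together with the line breaks on either
# side of it. RFC 5321 defines only <CRLF>.<CRLF> as the end-of-data terminator;
# the remaining combinations are the ones MTAs have interpreted differently.
DOT_LINE = re.compile(rb"(\r\n|\r|\n)\.(\r\n|\r|\n)")
CRLF = b"\r\n"

# A CR or LF that is not part of a CRLF pair ("bare newline").
BARE_NEWLINE = re.compile(rb"\r(?!\n)|(?<!\r)\n")

# Constructed samples: a clean message and one carrying a non-CRLF terminator
# in the middle of the body, followed by more data after it.
CLEAN = (b"From: alice@example.com\r\nTo: bob@example.net\r\nSubject: hi\r\n\r\n"
         b"Hello Bob.\r\n.\r\n")
SMUGGLED = (b"From: alice@example.com\r\nTo: bob@example.net\r\nSubject: hi\r\n\r\n"
            b"Hello Bob.\n.\r\nMore data after the non-standard terminator.\r\n.\r\n")


def find_nonstandard_eod(payload: bytes) -> list:
    """Return (offset, sequence) for each '.'-only line not framed by CRLF on both sides."""
    findings = []
    for m in DOT_LINE.finditer(payload):
        if m.group(1) == CRLF and m.group(2) == CRLF:
            continue  # the RFC 5321 terminator itself
        findings.append((m.start(), m.group(0)))
    return findings


def has_bare_newline(payload: bytes) -> bool:
    """True if the DATA stream contains a CR or LF outside a CRLF pair."""
    return BARE_NEWLINE.search(payload) is not None


def check_data_stream(payload: bytes) -> str:
    """Verdict for an inbound DATA stream: 'accept' or 'reject: <reason>'."""
    eod = find_nonstandard_eod(payload)
    if eod:
        offset, seq = eod[0]
        return "reject: non-standard end-of-data sequence %r at offset %d" % (seq, offset)
    if has_bare_newline(payload):
        return "reject: bare CR/LF in message data"
    return "accept"


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("smuggled", SMUGGLED)):
        print(name, "->", check_data_stream(sample))
```

Rejecting bare CR/LF outright is the stricter of the two checks and catches the sequences the first check looks for as well; the first check is kept separate so a log entry can name the exact terminator variant seen.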


FortiMail may be susceptible to smuggling attacks if certain measures are not put in place. We therefore recommend adhering to the following indications in order to mitigate the potential risk associated with smuggling attacks:
- Enable DKIM (DomainKeys Identified Mail) to enhance e-mail authentication. Select the "None" action under DKIM check in the AntiSpam profile so that e-mail without a DKIM signature is blocked by default.
- Disable the "any-any" traffic policy to restrict unauthorized access.
- Modify the configuration settings in line with the recommended security practices (DMARC/DKIM/SPF, a proper ACL policy, and avoiding an open-relay MTA).

Version        Affected           Solution
FortiMail 7.4  7.4 all versions   Apply SMTP smuggling best-practice measures.
FortiMail 7.2  7.2 all versions   Apply SMTP smuggling best-practice measures.
FortiMail 7.0  7.0 all versions   Apply SMTP smuggling best-practice measures.
FortiMail 6.4  6.4 all versions   Apply SMTP smuggling best-practice measures.

Timeline

2024-04-09: Initial publication
2024-04-16: Updated version information