DECNET

anti/DECNET

Fork 0

Commit Graph

Author	SHA1	Message	Date
anti	fdf38a9d8c	feat(smtp_relay): add upstream_sender to fix SPF on probe forwarding Override the envelope MAIL FROM with a domain we own when talking to the upstream relay. SPF passes at the recipient; the attacker's From: header inside the message body is untouched so they see their own address in their inbox and believe the relay is real.	2026-04-30 11:47:18 -04:00
anti	9a4fe2677b	feat(smtp_relay): forward probe emails upstream so attackers verify relay works First SMTP_PROBE_LIMIT messages per source IP are forwarded via a real upstream relay (SMTP_UPSTREAM_HOST/PORT/USER/PASS) so the attacker's test email actually lands in their inbox. All subsequent messages from the same IP get 250 Ok but only hit the quarantine — campaign content captured, nothing delivered.	2026-04-30 11:21:04 -04:00
anti	862e4dbb31	merge: testing → main (reconcile 2-week divergence)	2026-04-28 18:36:00 -04:00

Author

SHA1

Message

Date

anti

fdf38a9d8c

feat(smtp_relay): add upstream_sender to fix SPF on probe forwarding

Override the envelope MAIL FROM with a domain we own when talking to the
upstream relay. SPF passes at the recipient; the attacker's From: header
inside the message body is untouched so they see their own address in their
inbox and believe the relay is real.

2026-04-30 11:47:18 -04:00

anti

9a4fe2677b

feat(smtp_relay): forward probe emails upstream so attackers verify relay works

First SMTP_PROBE_LIMIT messages per source IP are forwarded via a real
upstream relay (SMTP_UPSTREAM_HOST/PORT/USER/PASS) so the attacker's
test email actually lands in their inbox. All subsequent messages from
the same IP get 250 Ok but only hit the quarantine — campaign content
captured, nothing delivered.

2026-04-30 11:21:04 -04:00

anti

862e4dbb31

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

3 Commits