GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from

Home » GFI User Forums » Kerio Connect » Kerio & mailsploit
dialog-warning.png  Kerio & mailsploit [message #137847] Tue, 05 December 2017 23:02 Go to next message
shifty is currently offline  shifty
Messages: 8
Registered: August 2008
Is there any information about if and how effected Kerio Connect is regarding the MailSplot vulnerability?

I guess it is effected like almost everybody but I would like to hear something official and if there is a fix coming out soon.

Re: Kerio & mailsploit [message #137848 is a reply to message #137847] Wed, 06 December 2017 09:06 Go to previous message
freakinvibe is currently offline  freakinvibe
Messages: 597
Registered: April 2004
I have run the demo on the website you mentioned and I got the 14 test emails.

In the Kerio Web Client, on the list of emails on the left, 7 of them show potus<_at_> as the sender. But on the right side (the email preview), you always see the true sender, so I don't see this as a problem. Example: <=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=0A=00?=<_at_ >>

So I guess the average user would see that something is strange. But of course that is just my personal opinion. Anyhow, it would be good if Kerio can improve the visibility.

Also, Kerio Connect does not do DMARC/DKIM checks for incoming email, so there is nothing they can correct there.

Dexion Services AG - IT Support Services in Basel, Switzerland
Previous Topic: Mac Mail client "move messages" problems
Next Topic: Multiple mails send from all alias adresses
Goto Forum:

Current Time: Tue Oct 03 00:07:15 CEST 2023

Total time taken to generate the page: 0.06623 seconds