Changeset 9f3382f for server

Timestamp:

02/07/2024 02:39:29 PM (3 months ago)

Author:

Ken Moffat <ken@…>

Branches:

12.1, ken/TL2024, lazarus, rahul/power-profiles-daemon, trunk, xry111/llvm18

Children:

f93c7d2

Parents:

fe1f174

Message:

postfix - update the smuggling details for 3.8.5.

The previous 'yes' is now aliased to 'normalize' which will be
the default in postfix-3.9, so prefer that. It now only rejects
if the bare newlines are in the DATA section of the mail, to
provide better compatibility with existing SMTP clients.

If a site needs to reject mails with bare newlines in the
message body, the value can be changed to 'reject'.

See ​https://www.openwall.com/lists/oss-security/2024/01/22/1

File:

• server/mail/postfix.xml (modified) (1 diff)

server/mail/postfix.xml

@@ -412 +412 @@
         additional steps are required. Add two lines into
         <filename>/etc/postfix/main.cf</filename> to disconnect remote SMTP
-        clients that send bare newlines, while also allowing clients on your
-        network with non-standard SMTP implementations to still send mail:
-      </para>
-
-<screen role="root"><userinput>echo 'smtpd_forbid_bare_newline = yes' &gt;&gt; /etc/postfix/main.cf &amp;&amp;
+        clients that send bare newlines in the DATA section, while also
+        allowing clients on your network with non-standard SMTP implementations
+        to still send mail:
+      </para>
+
+<screen role="root"><userinput>echo 'smtpd_forbid_bare_newline = normalize' &gt;&gt; /etc/postfix/main.cf &amp;&amp;
 echo 'smtpd_forbid_bare_newline_exclusions = $mynetworks' &gt;&gt; /etc/postfix/main.cf</userinput></screen>