Changeset d524862 for server

Timestamp:

12/30/2023 05:33:09 AM (4 months ago)

Author:

Douglas R. Reno <renodr@…>

Branches:

12.1, ken/TL2024, lazarus, plabs/newcss, rahul/power-profiles-daemon, trunk, xry111/llvm18

Children:

d8ce086

Parents:

418dddd

Message:

Update to postfix-3.8.4 (Security Update)

File:

• server/mail/postfix.xml (modified) (2 diffs)

server/mail/postfix.xml

@@ -10 +10 @@
   <!ENTITY postfix-download-http "https://ghostarchive.org/postfix/postfix-release/official/postfix-&postfix-version;.tar.gz">
   <!ENTITY postfix-download-ftp  " ">
-  <!ENTITY postfix-md5sum        "7edfadf15fafe73523266829172d890f">
+  <!ENTITY postfix-md5sum        "f2e5ac23387a5824bc365675697277e9">
   <!ENTITY postfix-size          "4.6 MB">
-  <!ENTITY postfix-buildsize     "156 MB">
+  <!ENTITY postfix-buildsize     "208 MB">
   <!ENTITY postfix-time          "0.2 SBU (Using parallelism=4)">
 ]>
@@ -407 +407 @@
 echo 'alias_database = lmdb:/etc/aliases' &gt;&gt; /etc/postfix/main.cf &amp;&amp;
 echo 'alias_maps = lmdb:/etc/aliases'     &gt;&gt; /etc/postfix/main.cf</userinput></screen>
+
+      <para>
+        To protect your server against the recent SMTP smuggling attacks,
+        additonal steps are required. Add two lines into
+        <filename>/etc/postfix/mail.cf</filename> to disconnect remote SMTP
+        clients that send bare newlines, while also allowing clients on your
+        network with non-standard SMTP implementations to still send mail:
+      </para>
+
+<screen role="root"><userinput>echo 'smtpd_forbid_bare_newline = yes' &gt;&gt; /etc/postfix/main.cf &amp;&amp;
+echo 'smtpd_forbid_bare_newline_exclusions = $mynetworks' &gt;&gt; /etc/postfix/main.cf</userinput></screen>
 
       <para>