'Re: [oss-security] Fwd: [pfx-ann] Postfix stable release 3.8.4'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Fwd: [pfx-ann] Postfix stable release 3.8.4
From:       Solar Designer <solar () openwall ! com>
Date:       2023-12-22 22:45:27
Message-ID: 20231222224527.GA6513 () openwall ! com
[Download RAW message or body]

On Fri, Dec 22, 2023 at 05:41:56PM +0100, Solar Designer wrote:
> Subject: [pfx-ann] Postfix stable release 3.8.4

This was followed by almost identical announcements for 3 other stable
branches of Postfix, with the fix included in 3.7.9, 3.6.13, and 3.5.23.
I'm not forwarding those individual messages in here, but I thought it's
relevant to mention that these 4 branches/releases got the fix now.

> [An on-line version of this announcement will be available at \
> https://www.postfix.org/announcements/postfix-3.8.4.html] 
> Fixed with Postfix 3.8.4:
> 
> * Security: this release adds support to defend
> against an email spoofing attack (SMTP smuggling) on
> recipients at a Postfix server. For background, see
> https://www.postfix.org/smtp-smuggling.html.
> 
> Sites concerned about SMTP smuggling attacks should enable this
> feature on Internet-facing Postfix servers. For compatibility
> with non-standard clients, Postfix by default excludes clients
> in mynetworks from this countermeasure.
> 
> The recommended settings are:
> 
> 	# Optionally disconnect remote SMTP clients that send bare newlines,
> 	# but allow local clients with non-standard SMTP implementations
> 	# such as netcat, fax machines, or load balancer health checks.
> 	#
> 	smtpd_forbid_bare_newline = yes
> 	smtpd_forbid_bare_newline_exclusions = $mynetworks
> 
> The smtpd_forbid_bare_newline feature is disabled by default.
> 
> You can find the updated Postfix source code at the mirrors listed at
> https://www.postfix.org/.
> 
> 	Wietse
> _______________________________________________
> Postfix-announce mailing list -- postfix-announce@postfix.org
> To unsubscribe send an email to postfix-announce-leave@postfix.org
> 
> ----- End forwarded message -----

Alexander


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic