If you're using Postfix on Debian Linux, this will likely be of interest to you...
The updated Postfix v3.7.9 that can prevent the SMTP Smuggling problem by introducing the "smtpd_forbid_bare_newline" configuration setting is now available on Debian (Linux) v12.4. I just upgraded my production servers after testing, and it's working reliably. (Apparently there are also options for earlier versions of Debian and Postfix, which are detailed in the document linked hereunder...) *** IMPORTANT *** Additional configuration may be needed, depending on a few factors: 1. If your installation of Postfix's smtpd_forbid_bare_newline setting is not enabled, then you'll need to update your /etc/postfix/main.cf file accordingly. You can check the current setting with the following comand: postconf | grep smtpd_forbid_bare_newline This setting is explained on the Postfix web site: Postfix :: SMTP Smuggling :: Long-term fix https://www.postfix.org/smtp-smuggling.html#long 2. If you implemented the short-term workarounds, you may want to reverse those changes (also in the /etc/postfix/main.cf file). You can read more about the short-term workarounds, here: Postfix :: SMTP Smuggling :: Short-term workarounds https://www.postfix.org/smtp-smuggling.html#short If you're not using a version of Postfix that supports the new "smtpd_forbid_bare_newline" configuration setting, then those short-term workarounds will have to suffice until you can get the updated version of Postfix installed on your systems. *** A special note of apprecaition goes to the Debian developers, and the entire team of people who work on Debian and contribute to the project, for working on this over the holiday season -- your efforts are important and tremendously helpful. Thank you. *** -- Postmaster - postmas...@inter-corporate.com Randolf Richardson, CNA - rand...@inter-corporate.com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada https://www.inter-corporate.com/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop