On Wed, Dec 27, 2023 at 11:40:56PM +0100, Damian via Postfix-users wrote:
> > The attack can be mitigated by using BDAT.
>
> Can someone clarify?
It really does not matter much, but leaving BDAT enabled can help in
some cases. It is not necessary to go this deep down the rabbit hole.
If both the original server and the downstream incoming server support
BDAT, the SMTP smuggling will not succeed, because it depends on the
incoming server seeing a non-standard <LF>.<LF> or <LF>.<CRLF> as end of
message, but that's a feature of DATA, not BDAT which instead sends
explicit block lengths, and does not depend on any magic end of input
marker.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
