The recommended settings are:
# Optionally disconnect remote SMTP clients that send bare newlines,
# but allow local clients with non-standard SMTP implementations
# such as netcat, fax machines, or load balancer health checks.
#
smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions = $mynetworks
The test tool [1] revealed that my 3.7.9 Postfix using `smtpd_forbid_bare_newline = yes` admits smuggling for the `\r\n.\n` case.
One still needs `smtpd_data_restrictions = reject_unauth_pipelining` to close that one as well.
[1] https://github.com/The-Login/SMTP-Smuggling-Tools.git
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
