I'm running on Ubuntu 22 which ships postfix 3.6.4.
I've tried the short term solution, but this test tool still can send forged emails:

$ postconf -n | grep -E "smtpd_data_restrictions|smtpd_discard_ehlo_keywords"
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_discard_ehlo_keywords = chunking, silent-discard

Is there anything I can do?

KR,
Gino

On Saturday, January 6th, 2024 at 11:38 AM, Damian via Postfix-users <postfix-users@postfix.org> wrote:

> > The recommended settings are:
> >
> > # Optionally disconnect remote SMTP clients that send bare newlines,
> > # but allow local clients with non-standard SMTP implementations
> > # such as netcat, fax machines, or load balancer health checks.
> > #
> > smtpd_forbid_bare_newline = yes
> > smtpd_forbid_bare_newline_exclusions = $mynetworks
> >
>
> The test tool [1] revealed that my 3.7.9 Postfix using
> `smtpd_forbid_bare_newline = yes` admits smuggling for the `\r\n.\n` case.
> One still needs `smtpd_data_restrictions = reject_unauth_pipelining` to close
> that one as well.
>
> [1] https://github.com/The-Login/SMTP-Smuggling-Tools.git
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
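
Added example, not part of the thread and not Postfix code: a small detector for the `\r\n.\n` case discussed above, generalized to any lone "." line whose terminators are not both CRLF. The function name and the sample message are constructed for illustration; it assumes you have the raw DATA bytes as received (for example from a capture or a content filter).

```python
import re

# A line consisting only of "." with any line terminator on each side.
# The trailing terminator is matched with a lookahead so that back-to-back
# dot lines are each inspected.
_DOT_LINE = re.compile(rb"(\r\n|\r|\n)\.(?=(\r\n|\r|\n))")

STANDARD_EOD = b"\r\n.\r\n"  # the only end-of-data sequence SMTP defines


def find_nonstandard_end_of_data(data: bytes):
    """Return [(offset, sequence)] for every lone-dot line that is not
    delimited by CRLF on both sides.

    A receiver that treats such a sequence as end-of-data while the sender
    did not (or the reverse) disagrees about where the message stops, which
    is the condition the settings in this thread are meant to close.
    """
    hits = []
    for m in _DOT_LINE.finditer(data):
        seq = m.group(1) + b"." + m.group(2)
        if seq != STANDARD_EOD:
            hits.append((m.start(), seq))
    return hits


# Constructed sample: one message body containing the "\r\n.\n" case,
# followed by the standard terminator.
SAMPLE = (
    b"Subject: test\r\n"
    b"\r\n"
    b"line one\r\n"
    b".\n"
    b"text after the lone dot\r\n"
    b".\r\n"
)

if __name__ == "__main__":
    for offset, seq in find_nonstandard_end_of_data(SAMPLE):
        print(f"offset {offset}: non-standard end-of-data candidate {seq!r}")
```

A hit is a reason to inspect or reject the message, not proof of abuse: legitimate but sloppy clients can also emit bare newlines.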