JARVIS
Der Mail Transfer Agent (MTA) für Linux und Unix Postfix erhielt ein Security und Bugfix Release in den Versionen 3.8.5, 3.7.10, 3.6.14 und 3.5.24.
Postfix 3.8.5 – 3.7.10 – 3.6.14 – 3.5.24 Release Notes
Security: this release improves support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. For background, see https://www.postfix.org/smtp-smuggling.html.
The improvements provide better logging, and better compatibility with existing SMTP clients (less need to allowlist clients).
Sites concerned about SMTP smuggling attacks should enable this feature on Internet-facing Postfix servers. For compatibility with non-standard clients, Postfix by default excludes clients in mynetworks from this countermeasure.
The recommended settings are:
# Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
# Otherwise, allow bare <LF> and process it as if the client sent
# <CR><LF>.
#
# This maintains compatibility with many legitimate SMTP client
# applications that send a mix of standard and non-standard line
# endings, but will fail to receive email from client implementations
# that do not terminate DATA content with the standard End-of-DATA
# sequence <CR><LF>.<CR><LF>.
#
# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
# The example below allowlists SMTP clients in trusted networks.
#
smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworksNotes:
- The default setting is „smtpd_forbid_bare_newline = no“ in Postfix releases < 3.9, for compatibility reasons. This means that Postfix is by default vulnerable to SMTP smuggling.
- The new setting „smtpd_forbid_bare_newline = normalize“ is the default for Postfix releases 3.9 and later.
- The old setting „smtpd_forbid_bare_newline = yes“ is now an alias for „smtpd_forbid_bare_newline = normalize“.
- The new setting „smtpd_forbid_bare_newline = reject“ will refuse commands or message content with a bare newline. For details see the RELEASE_NOTES or the postconf(5) documentation.
Quelle: https://www.postfix.org/announcements/postfix-3.8.5.html
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.