Re: Fwd: [pfx-ann] Postfix stable release 3.8.4

[Solar Designer <solar () openwall com>]

On Fri, Dec 22, 2023 at 05:41:56PM +0100, Solar Designer wrote:
> Subject: [pfx-ann] Postfix stable release 3.8.4

This was followed by almost identical announcements for 3 other stable
branches of Postfix, with the fix included in 3.7.9, 3.6.13, and 3.5.23.
I'm not forwarding those individual messages in here, but I thought it's
relevant to mention that these 4 branches/releases got the fix now.

> [An on-line version of this announcement will be available at 
> https://www.postfix.org/announcements/postfix-3.8.4.html]
>
> Fixed with Postfix 3.8.4:
>
>   * Security: this release adds support to defend
>     against an email spoofing attack (SMTP smuggling) on
>     recipients at a Postfix server. For background, see
>     https://www.postfix.org/smtp-smuggling.html.
>
>     Sites concerned about SMTP smuggling attacks should enable this
>     feature on Internet-facing Postfix servers. For compatibility
>     with non-standard clients, Postfix by default excludes clients
>     in mynetworks from this countermeasure.
>
>     The recommended settings are:
>
>       # Optionally disconnect remote SMTP clients that send bare newlines,
>       # but allow local clients with non-standard SMTP implementations
>       # such as netcat, fax machines, or load balancer health checks.
>       #
>       smtpd_forbid_bare_newline = yes
>       smtpd_forbid_bare_newline_exclusions = $mynetworks
>
>     The smtpd_forbid_bare_newline feature is disabled by default.
>
> You can find the updated Postfix source code at the mirrors listed at
> https://www.postfix.org/.
>
>       Wietse
> _______________________________________________
> Postfix-announce mailing list -- postfix-announce () postfix org
> To unsubscribe send an email to postfix-announce-leave () postfix org
>
> ----- End forwarded message -----

Alexander