Source: postfix Version: 3.8.2-1 Severity: important Tags: security upstream Forwarded: https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 3.7.6-0+deb12u2 Control: found -1 3.5.18-0+deb11u1 Control: found -1 3.4.23-0+deb10u1
Hi There was a SMTP smuggling vulerability reported, for which in some Postfix versions at least already exists short term mitiations in form of "smtpd_forbid_unauth_pipelining = yes". Details via: https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ Regards, Salvatore