If you're not using the newest (patched) version of Postfix smtpd, a
short-term workaround for the SMTP Smuggling problem was announced
today (2023-Dec-26) that "will stop many forms of the published
attack" from succeeding:
Postfix :: SMTP Smuggling :: Short-term workarounds
https://www.postfix.org/smtp-smuggling.html#short
The long-term fix is also covered in the same document. At least
this short-term fix can be helpful for those who are still using
older versions of Postfix, and/or haven't applied the
anti-SMTP-Smuggling security patches.
Hopefully this will be helpful to mail systems administrators who
need it and provide at least some relief over the holiday season.
*** A special note of appreciation goes to the Postfix developers,
and the entire team of people who work on Postfix and contribute to
the project, for working on this over the holiday season -- your
efforts are important and tremendously helpful. Thank you. ***
--
Postmaster - [email protected]
Randolf Richardson - [email protected]
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
