[An on-line version of this announcement will be available at 

Fixed with Postfix 3.8.4:

  * Security: this release adds support to defend
    against an email spoofing attack (SMTP smuggling) on
    recipients at a Postfix server. For background, see

    Sites concerned about SMTP smuggling attacks should enable this
    feature on Internet-facing Postfix servers. For compatibility
    with non-standard clients, Postfix by default excludes clients
    in mynetworks from this countermeasure.

    The recommended settings are:

        # Optionally disconnect remote SMTP clients that send bare newlines,
        # but allow local clients with non-standard SMTP implementations
        # such as netcat, fax machines, or load balancer health checks.
        smtpd_forbid_bare_newline = yes
        smtpd_forbid_bare_newline_exclusions = $mynetworks

    The smtpd_forbid_bare_newline feature is disabled by default.

You can find the updated Postfix source code at the mirrors listed at

Postfix-announce mailing list -- postfix-announce@postfix.org
To unsubscribe send an email to postfix-announce-le...@postfix.org

Reply via email to