Alan Munday via Postfix-users:
> As of the 22 Feb 2024 I have been seeing invalid MAIL FROM address from
> Microsoft:
>
> In: MAIL FROM: XATTRDIRECT=Originating
> XATTRORGID=xorgid:96f9e21d-a1c4-44a3-99e4-37191ac61848
>
> Clearly an issue with line termination, but one I have yet to find
> reported online.
Postfix "chat history" will fold long lines for readability (note
that there is only one "In:" above).
When I send the above as one line into Postfix, the response is:
555 5.5.4 Unsupported option: XATTRDIRECT=Originating
And Postfix is correct. The Postfix EHLO response does not announce
support for XATTRDIRECT or XATTRORGID, therefore the client must not send
such arguments in MAIL FROM. There is no second "554" reponse (for
XATTRORGID) because that would break SMTP.
If this is a problem then you could use smtpd_command_filter to
remove these options.
/etc/postfix/main.cf:
smtpd_command_filter = pcre:/etc/postfix/command_filter
/etc/postfix/command_filter:
# Work around clients that send XATTRDIRECT or XATTRORGID
# when Postfix announces no such support in the EHLO response.
/^(MAIL FROM:\s*<.*>.*)\s+XATTRDIRECT=\S+\s+XATTRORGID=\S+(.*)/ $1$2
This pattern seems to work with light testing. Do not omit the (.*)
at the end of the pattern, or the $2 in the result. These are for
supported options that they might send after XATTRORGID.
Wietse
> I have seen a couple of reports where the Reporting Organization is set
> to "Enterprise Outlook" but none from "Outlook.com"
>
> Has anyone else seen this behaviour and could this be related to SMTP
> smuggling?
Huh?
Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
