mail/postfix: upadte to 3.8.5
3.8.5 (2024-01-22) Security: this release improves support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. For background, see https://www.postfix.org/smtp-smuggling.html. The improvements provide better logging, and better compatibility with existing SMTP clients (less need to allowlist clients). Sites concerned about SMTP smuggling attacks should enable this feature on Internet-facing Postfix servers. For compatibility with non-standard clients, Postfix by default excludes clients in mynetworks from this countermeasure. The recommended settings are: # Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>. # Otherwise, allow bare <LF> and process it as if the client sent # <CR><LF>. # # This maintains compatibility with many legitimate SMTP client # applications that send a mix of standard and non-standard line # endings, but will fail to receive email from client implementations # that do not terminate DATA content with the standard End-of-DATA # sequence <CR><LF>.<CR><LF>. # # Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions. # The example below allowlists SMTP clients in trusted networks. # smtpd_forbid_bare_newline = normalize smtpd_forbid_bare_newline_exclusions = $mynetworks Notes: * The default setting is "smtpd_forbid_bare_newline = no" in Postfix releases < 3.9, for compatibility reasons. This means that Postfix is by default vulnerable to SMTP smuggling. * The new setting "smtpd_forbid_bare_newline = normalize" is the default for Postfix releases 3.9 and later. * The old setting "smtpd_forbid_bare_newline = yes" is now an alias for "smtpd_forbid_bare_newline = normalize". * The new setting "smtpd_forbid_bare_newline = reject" will refuse commands or message content with a bare newline. For details see the RELEASE_NOTES or the postconf(5) documentation.
This commit is contained in:
parent
626145c75b
commit
dd3a307b67
|
@ -1,8 +1,8 @@
|
|||
# $NetBSD: Makefile.common,v 1.46 2023/12/22 17:29:17 wiz Exp $
|
||||
# $NetBSD: Makefile.common,v 1.47 2024/02/28 15:16:19 taca Exp $
|
||||
# used by mail/postfix/Makefile
|
||||
# used by mail/postfix/Makefile.module
|
||||
|
||||
DISTNAME= postfix-3.8.4
|
||||
DISTNAME= postfix-3.8.5
|
||||
CATEGORIES= mail
|
||||
MASTER_SITES= ftp://ftp.porcupine.org/mirrors/postfix-release/official/
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
$NetBSD: distinfo,v 1.207 2023/12/22 17:29:17 wiz Exp $
|
||||
$NetBSD: distinfo,v 1.208 2024/02/28 15:16:19 taca Exp $
|
||||
|
||||
BLAKE2s (postfix-3.8.4.tar.gz) = f0c1556f2d66b34d0ecb52d84846daec03fdbbfbf743d30a35e1b7d91f30e8e6
|
||||
SHA512 (postfix-3.8.4.tar.gz) = 5bae3d62e104714aead1fff28a595bab4315227382f53c8dae2a231f4240e31abda19c1e3befc1db4c89bc5d66c9a43830390365aadabdac5cf36b493c5c48c7
|
||||
Size (postfix-3.8.4.tar.gz) = 4864184 bytes
|
||||
BLAKE2s (postfix-3.8.5.tar.gz) = c7a28244e2ea352f4631c30fe255e2946cf07a1473401ebc850c55578f4bebde
|
||||
SHA512 (postfix-3.8.5.tar.gz) = 26005da5750e7af742f4fc7596ae8320467176e069546c3487418c663b54f56734b4a6541665b8d72d94df2e0fd4f68a2bcc44c50a6d950334d5a5fb2293dff4
|
||||
Size (postfix-3.8.5.tar.gz) = 4871284 bytes
|
||||
SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c
|
||||
SHA1 (patch-ag) = 8ab3cfafa63056f9a7f096da7e55bcccab965180
|
||||
SHA1 (patch-ai) = 3d143532e1e9a149c6c06e2efadcd34f6f72e82d
|
||||
|
|
Loading…
Reference in New Issue