Revisions of postfix
Ruediger Oertel (oertel)
committed
(revision 2)
- update default configuration to enable the long-term fix for
bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack:
* smtpd_forbid_bare_newline = yes
* smtpd_forbid_bare_newline_exclusions = $mynetworks
- update to 3.8.4
* Security: this release adds support to defend
against an email spoofing attack (SMTP smuggling) on
recipients at a Postfix server. For background, see
https://www.postfix.org/smtp-smuggling.html.
- update to 3.8.3
* Bugfix (defect introduced Postfix 2.5, date 20080104): the
Postfix SMTP server was waiting for a client command instead
of replying immediately, after a client certificate verification
error in TLS wrappermode. Reported by Andreas Kinzler.
* Usability: the Postfix SMTP server (finally) attempts to log
the SASL username after authentication failure. In Postfix
logging, this appends ", sasl_username=xxx" after the reason
for SASL authentication failure. The logging replaces an
unavailable reason with "(reason unavailable)", and replaces
an unavailable sasl_username with "(unavailable)". Based on
code by Jozsef Kadlecsik.
* Compatibility bugfix (defect introduced: Postfix 2.11, date
20130405): in forward_path, the expression ${recipient_delimiter}
would expand to an empty string when a recipient address had
no recipient delimiter. The compatibility fix is to use a
configured recipient delimiter value instead. Reported by Tod
A. Sandman.
Displaying all 2 revisions
