On Thursday, December 21, 2023 11:57:21 AM EST Salvatore Bonaccorso wrote:
> Source: postfix
> Version: 3.8.2-1
> Severity: important
> Tags: security upstream
> Forwarded:
> https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
> Control: found -1 3.7.6-0+deb12u2
> Control: found -1 3.5.18-0+deb11u1
> Control: found -1 3.4.23-0+deb10u1
> 
> Hi
> 
> There was an SMTP smuggling vulnerability reported, for which in some
> Postfix versions at least short term mitigations already exist in the form
> of "smtpd_forbid_unauth_pipelining = yes".
> 
> Details via:
> 
> https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html
> https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

See https://www.postfix.org/smtp-smuggling.html for the most recent 
information.

The mitigation is available for stable, but not yet oldstable.

Scott K
