Hi everyone. I've been reading about this: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide
And it seems, for workaround and patching, postfix needs to have the following parameter enabled: smtpd_forbid_unauth_pipelining=yes however, the latest postfix package under OpenBSD 7.4 is; postfix-3.8.20221007p11 which does not support that parameter. "That feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20" as it's been said here: http://www.postfix.org/postconf.5.html#smtpd_forbid_unauth_pipelining Is there any plan for OpenBSD 7.4 stable packages, to upgrade postfix to latest stable revision, for security purposes in that case? Best wishes, regards. Mark.
