Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
> - Update from version 3.8.3 to 3.8.4
> - Update of rootfile not required
> - Permanent fix for smtp smuggling will be in version 3.9. However the fix has been
> backported into version 3.8.4 but with the default for the parameter of "no".
> - This patch sets the defaults for all the main.cf parameters highlighted by Wietse
> Venema in http://www.postfix.org/smtp-smuggling.html
> - Additionally the implementation of smtpd_forbid_bare_newline = yes has been added to
> the install.sh pak for postfix so that it will be included into any main.cf file being
> restored from backup. This parameter is available for the first time in 3.8.4 so will
> not be in any backup prior to this release and can therefore be safely applied to
> restored versions of main.cf.
> - This fix in install.sh will be able to be removed when version 3.9 is released early
> in 2024 as the default for that parameter in that version onwards will then be "yes"
> - Changelog
> 3.8.4
> Security: with "smtpd_forbid_bare_newline = yes" (default
> "no" for Postfix < 3.9), reply with "Error: bare <LF>
> received" and disconnect when an SMTP client sends a line
> ending in <LF>, violating the RFC 5321 requirement that
> lines must end in <CR><LF>. This prevents SMTP smuggling
> attacks that target a recipient at a Postfix server. For
> backwards compatibility, local clients are excluded by
> default with "smtpd_forbid_bare_newline_exclusions =
> $mynetworks". Files: mantools/postlink, proto/postconf.proto,
> global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h,
> smtpd/smtpd.c.
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> lfs/postfix | 15 +++++++++++----
> src/paks/postfix/install.sh | 5 +++++
> 2 files changed, 16 insertions(+), 4 deletions(-)
>
> diff --git a/lfs/postfix b/lfs/postfix
> index aab683f4c..7f2625a4e 100644
> --- a/lfs/postfix
> +++ b/lfs/postfix
> @@ -26,7 +26,7 @@ include Config
>
> SUMMARY = A fast, secure, and flexible mailer
>
> -VER = 3.8.3
> +VER = 3.8.4
>
> THISAPP = postfix-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = postfix
> -PAK_VER = 43
> +PAK_VER = 44
>
> DEPS =
>
> @@ -70,7 +70,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = a656606c2a46671548cb954a65d769ba5bf68a5c8f0ccdc0e753b03386956eef3e264b696a306c586f1df1b06fb173e5f3db74c6a9e4d3686c86b8f53be585ed
> +$(DL_FILE)_BLAKE2 = 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130ac958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272
>
> install : $(TARGET)
>
> @@ -110,13 +110,20 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> cd $(DIR_APP) && sh postfix-install -non-interactive
> ## Install configuration
> rm -vf /etc/postfix/main.cf.default
> +
> + # update main.cf parameters to prevent smtp smuggling attack
> + postconf -e 'smtpd_forbid_bare_newline = yes'
> + postconf -e 'smtpd_forbid_unauth_pipelining = yes'
> + postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining'
> + postconf -e 'smtpd_discard_ehlo_keywords = chunking'
> +
> mkdir -p /var/lib/postfix
> chown postfix.root /var/lib/postfix
>
> install -v -m 644 $(DIR_SRC)/config/backup/includes/postfix \
> /var/ipfire/backup/addons/includes/postfix
> mv /usr/sbin/sendmail /usr/sbin/sendmail.postfix
> -
> +
> #install initscripts
> $(call INSTALL_INITSCRIPTS,$(SERVICES))
>
> diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh
> index 1629d21c1..2e04e74a8 100644
> --- a/src/paks/postfix/install.sh
> +++ b/src/paks/postfix/install.sh
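Review bot: The four `postconf -e` calls added to the `$(TARGET)` recipe in the fourth hunk take effect only on a fresh build, while `src/paks/postfix/install.sh` in this same patch re-applies just `smtpd_forbid_bare_newline` after `restore_backup`, so a main.cf restored from an older backup keeps the stock values of `smtpd_forbid_unauth_pipelining`, `smtpd_data_restrictions` and `smtpd_discard_ehlo_keywords`; the commit message says this is deliberate, but the recipe comment does not. The changelog quoted in the commit message also states that `smtpd_forbid_bare_newline_exclusions` defaults to `$mynetworks`, so the bare-LF rejection is not enforced for clients inside mynetworks unless that parameter is set as well. Suggest replacing the comment with `# smtp smuggling hardening per http://www.postfix.org/smtp-smuggling.html; install.sh re-applies only smtpd_forbid_bare_newline on restore, and hosts in mynetworks stay exempt by default` (a `#` line inside a recipe is handed to the shell after Make expands `$`, so keep a literal `$mynetworks` out of it or write `$$mynetworks`). The `$(TARGET)` recipe begins before this hunk.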
> @@ -24,6 +24,11 @@
> . /opt/pakfire/lib/functions.sh
> extract_files
> restore_backup ${NAME}
> +
> +# change main.cf parameter from default value to prevent smtp smuggling attack
> +# will not be required once postfix-3.9.x is released as default will then be yes
> +postconf -e 'smtpd_forbid_bare_newline = yes'
> +
> postalias /etc/aliases
> # Set postfix's hostname
> postconf -e "myhostname=$(hostname -f)"
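Review bot: `postconf -e 'smtpd_forbid_bare_newline = yes'` placed after `restore_backup` runs on every pak install and restore, not only when migrating a backup taken before 3.8.4, so an administrator who later sets this parameter to `no` on purpose will have it silently reset to `yes` on the next upgrade; the safety argument in the commit message only covers backups that predate the parameter. Setting it only when main.cf does not already name the parameter keeps the hardening for old backups while preserving an explicit choice: `if ! grep -q '^smtpd_forbid_bare_newline' /etc/postfix/main.cf; then postconf -e 'smtpd_forbid_bare_newline = yes'; fi`. The second comment line could then also note that the guard, like the override, can be dropped once the 3.9 default becomes yes.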