From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Peter Müller
To: development@lists.ipfire.org
Subject: Re: [PATCH] postfix: Update to version 3.8.4 + prevent smtp smuggling
Date: Sun, 07 Jan 2024 19:09:00 +0000
Message-ID: <59bb451d-20ce-4fc1-8bee-1b245b1268fb@ipfire.org>
In-Reply-To: <20231226131036.3260423-3-adolf.belka@ipfire.org>

Reviewed-by: Peter Müller

> - Update from version 3.8.3 to 3.8.4
> - Update of rootfile not required
> - Permanent fix for smtp smuggling will be in version 3.9. However the fix has been
> backported into version 3.8.4 but with the default for the parameter of "no".
> - This patch sets the defaults for all the main.cf parameters highlighted by Wietse
> Venema in http://www.postfix.org/smtp-smuggling.html
> - Additionally the implementation of smtpd_forbid_bare_newline = yes has been added to
> the install.sh pak for postfix so that it will be included into any main.cf file being
> restored from backup. This parameter is available for the first time in 3.8.4 so will
> not be in any backup prior to this release and can therefore be safely applied to
> restored versions of main.cf.
> - This fix in install.sh will be able to be removed when version 3.9 is released early
> in 2024 as the default for that parameter in that version onwards will then be "yes"
> - Changelog
> 3.8.4
> Security: with "smtpd_forbid_bare_newline = yes" (default
> "no" for Postfix < 3.9), reply with "Error: bare <LF>
> received" and disconnect when an SMTP client sends a line
> ending in <LF>, violating the RFC 5321 requirement that
> lines must end in <CR><LF>. This prevents SMTP smuggling
> attacks that target a recipient at a Postfix server.
For > backwards compatibility, local clients are excluded by > default with "smtpd_forbid_bare_newline_exclusions =3D > $mynetworks". Files: mantools/postlink, proto/postconf.proto, > global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h, > smtpd/smtpd.c. >=20 > Signed-off-by: Adolf Belka > --- > lfs/postfix | 15 +++++++++++---- > src/paks/postfix/install.sh | 5 +++++ > 2 files changed, 16 insertions(+), 4 deletions(-) >=20 > diff --git a/lfs/postfix b/lfs/postfix > index aab683f4c..7f2625a4e 100644 > --- a/lfs/postfix > +++ b/lfs/postfix > @@ -26,7 +26,7 @@ include Config > =20 > SUMMARY =3D A fast, secure, and flexible mailer > =20 > -VER =3D 3.8.3 > +VER =3D 3.8.4 > =20 > THISAPP =3D postfix-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D postfix > -PAK_VER =3D 43 > +PAK_VER =3D 44 > =20 > DEPS =3D > =20 > @@ -70,7 +70,7 @@ objects =3D $(DL_FILE) > =20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > =20 > -$(DL_FILE)_BLAKE2 =3D a656606c2a46671548cb954a65d769ba5bf68a5c8f0ccdc0e753= b03386956eef3e264b696a306c586f1df1b06fb173e5f3db74c6a9e4d3686c86b8f53be585ed > +$(DL_FILE)_BLAKE2 =3D 200ce3d72444da05e42fc8627002d53d68c1b3d78b7f74b0130a= c958c23d16454783ef4849a8c9a4e3cba8ae36646e921f7e94ac4fb819b597e1a5ab1a875272 > =20 > install : $(TARGET) > =20 
> @@ -110,13 +110,20 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > cd $(DIR_APP) && sh postfix-install -non-interactive > ## Install configuration > rm -vf /etc/postfix/main.cf.default > +=09 > + # update main.cf parameters to prevent smtp smuggling attack > + postconf -e 'smtpd_forbid_bare_newline =3D yes' > + postconf -e 'smtpd_forbid_unauth_pipelining =3D yes' > + postconf -e 'smtpd_data_restrictions =3D reject_unauth_pipelining' > + postconf -e 'smtpd_discard_ehlo_keywords =3D chunking' > +=09 > mkdir -p /var/lib/postfix > chown postfix.root /var/lib/postfix > =20 > install -v -m 644 $(DIR_SRC)/config/backup/includes/postfix \ > /var/ipfire/backup/addons/includes/postfix > mv /usr/sbin/sendmail /usr/sbin/sendmail.postfix > - > +=09 > #install initscripts > $(call INSTALL_INITSCRIPTS,$(SERVICES)) > =20 > diff --git a/src/paks/postfix/install.sh b/src/paks/postfix/install.sh > index 1629d21c1..2e04e74a8 100644 > --- a/src/paks/postfix/install.sh > +++ b/src/paks/postfix/install.sh > @@ -24,6 +24,11 @@ > . /opt/pakfire/lib/functions.sh > extract_files > restore_backup ${NAME} > + > +# change main.cf parameter from default value to prevent smtp smuggling at= tack > +# will not be required once postfix-3.9.x is released as default will then= be yes > +postconf -e 'smtpd_forbid_bare_newline =3D yes' > + > postalias /etc/aliases > # Set postfix's hostname > postconf -e "myhostname=3D$(hostname -f)" --===============4639625084801262798==--
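Review bot: in the lfs/postfix `@@ -110,13 +110,20 @@` hunk, the three `+=09` lines (quoted-printable for a single tab) add tab-only blank lines around the `postconf -e` block, and the trailing `-` / `+=09` pair turns an existing empty line into a tab-only one; make ignores such lines inside a recipe, but `git diff --check` flags them as trailing whitespace, so these separators should be plain empty lines like the surrounding context.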
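Review bot: in the src/paks/postfix/install.sh hunk, only `smtpd_forbid_bare_newline` is re-applied after `restore_backup`, so a main.cf restored from a pre-3.8.4 backup keeps its old values for `smtpd_forbid_unauth_pipelining`, `smtpd_data_restrictions` and `smtpd_discard_ehlo_keywords`, the three settings the lfs/postfix hunk applies on a fresh install. The commit message gives the reason the bare-newline parameter alone is safe to force (it cannot exist in older backups); that reasoning belongs in the install.sh comment so a later change does not blindly extend the list, and "will not be required once postfix-3.9.x is released" is best written as an explicit TODO so it is removed with the 3.9 version bump.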
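Because the install.sh hunk re-applies only one of the four settings after a backup restore, a restored system can end up with a mixed configuration. The following post-install audit, an added example that is not part of the patch or of IPFire's own code, parses `postconf -n` output and reports which of the four parameters set by this patch are missing or still carry a stale value; the sample configuration is constructed.

```python
import re

# Settings the patch applies with `postconf -e`; used here as the audit
# baseline (assumption of this example, not taken from IPFire's code).
EXPECTED = {
    "smtpd_forbid_bare_newline": ("equals", "yes"),
    "smtpd_forbid_unauth_pipelining": ("equals", "yes"),
    "smtpd_data_restrictions": ("contains", "reject_unauth_pipelining"),
    "smtpd_discard_ehlo_keywords": ("contains", "chunking"),
}


def parse_postconf(text):
    """Parse `postconf -n` style output ('name = value', one per line)."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m:  # comment and blank lines do not match and are skipped
            conf[m.group(1)] = m.group(2)
    return conf


def audit(conf):
    """Return {parameter: problem} for each expected setting not satisfied."""
    problems = {}
    for name, (mode, want) in EXPECTED.items():
        if name not in conf:
            # Absent from `postconf -n` means the compiled-in default applies,
            # which for Postfix < 3.9 is "no" for smtpd_forbid_bare_newline.
            problems[name] = "not set explicitly (compiled-in default in effect)"
            continue
        value = conf[name]
        if mode == "equals":
            ok = value.lower() == want
        else:
            # Restriction lists may hold several entries; check membership.
            items = [v for v in re.split(r"[,\s]+", value) if v]
            ok = want in items
        if not ok:
            problems[name] = f"is '{value}', expected {mode} '{want}'"
    return problems


# Constructed sample resembling a main.cf restored from a pre-3.8.4 backup:
# install.sh forced the bare-newline setting, the other three are stale.
SAMPLE = """myhostname = mail.example.test
smtpd_forbid_bare_newline = yes
smtpd_data_restrictions = permit_mynetworks
smtpd_discard_ehlo_keywords =
"""

if __name__ == "__main__":
    for name, problem in audit(parse_postconf(SAMPLE)).items():
        print(f"{name}: {problem}")
```

On a live system feed it the real output, e.g. `postconf -n` piped into the script in place of SAMPLE.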