On Thu, Dec 21, 2023 at 07:51:31 -0500, Wietse Venema via Postfix-users wrote:
> * With all Postfix versions, "smtpd_data_restrictions =
> reject_unauth_pipelining" will stop the published exploit.
Hi
I just found an unexpected side effect of this particular configuration
(unrelated to SMTP smuggling).
We have a mail relay that has DISCARD rules for specific clients, senders
and recipients. When a discard rule is triggered in smtpd_*_restrictions
before DATA, smtpd_data_restrictions is not evaluated, so those senders
are "allowed" to pipeline. Or stated differently: one can now detect a
DISCARD rule via unauthorized pipelining, it is no longer 100% equivalent
to an "OK" from an outside POV.
The same goes for eg. recipient validation when a sender triggers DISCARD.
I'm not sure this really matters, just sharing an observation from testing
the reject_unauth_pipelining restriction (on a Postfix 3.5.9 from RHEL 9
that doesn't have the smtpd_forbid_unauth_pipelining feature yet).
Geert
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
