Wietse Venema via Postfix-users:
> Geert Hendrickx via Postfix-users:
> > On Thu, Dec 21, 2023 at 07:51:31 -0500, Wietse Venema via Postfix-users
> > wrote:
> > > * With all Postfix versions, "smtpd_data_restrictions =
> > > reject_unauth_pipelining" will stop the published exploit.
> >
> >
> > Hi
> >
> > I just found an unexpected side effect of this particular configuration
> > (unrelated to SMTP smuggling).
> >
> > We have a mail relay that has DISCARD rules for specific clients, senders
> > and recipients. When a discard rule is triggered in smtpd_*_restrictions
> > before DATA, smtpd_data_restrictions is not evaluated, so those senders
> > are "allowed" to pipeline. Or stated differently: one can now detect a
> > DISCARD rule via unauthorized pipelining; it is no longer 100% equivalent
> > to an "OK" from an outside POV.
> >
> > The same goes for e.g. recipient validation when a sender triggers DISCARD.
> >
> > I'm not sure this really matters, just sharing an observation from testing
> > the reject_unauth_pipelining restriction (on a Postfix 3.5.9 from RHEL 9
> > that doesn't have the smtpd_forbid_unauth_pipelining feature yet).
>
> I suppose that is why one is called a temporary fix (which addresses
> many cases but not necessarily all) and a permanent fix (which roots
> out the problem).
To be clear, DISCARD disables this "temporary fix" for the smuggled
message. It is just one example that the temporary fix with
smtpd_data_restrictions cannot cover.

	Wietse
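The gap discussed in the thread, shown as a constructed main.cf fragment (an added illustration, not configuration from either poster): the access map name and its sample entry are assumptions, and the comments restate the behaviour described above.

```ini
# Constructed example for the side effect Geert describes (not from the thread).
#
# Temporary fix: reject_unauth_pipelining in smtpd_data_restrictions. It is
# only consulted if the session reaches DATA with no earlier verdict. A
# DISCARD hit in an earlier stage (here: sender restrictions) records the
# discard verdict and, as observed in the thread, smtpd_data_restrictions is
# then skipped for that session, so the discarded sender is free to pipeline
# and can distinguish DISCARD from a real OK.
#
# /etc/postfix/discard_senders (assumed map content, one line):
#   spammer@example.com   DISCARD
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/discard_senders,
    permit
smtpd_data_restrictions = reject_unauth_pipelining

# Permanent fix (Wietse's term): available only in Postfix builds that ship
# the feature (Geert's 3.5.9 does not). It is a protocol-level setting, not an
# access-map verdict, so a DISCARD earlier in the session does not switch it
# off for the smuggled message.
smtpd_forbid_unauth_pipelining = yes
```

Verify which setting a running instance actually honours with `postconf -n smtpd_forbid_unauth_pipelining smtpd_data_restrictions`; on a build without the feature the first parameter is reported as unknown.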