git.proxmox.com Git - pmg-api.git/commitdiff
templates: postfix: mitigate smtpsmuggling vulnerability
author: Stoiko Ivanov <s.ivanov@proxmox.com>
Fri, 22 Dec 2023 09:57:26 +0000 (10:57 +0100)
committer: Stoiko Ivanov <s.ivanov@proxmox.com>
Fri, 22 Dec 2023 10:14:29 +0000 (11:14 +0100)
by disabling pipelining on the external port.
The fix in the postfix config for the smtp-smuggling vulnerability [0]
follows the current recommendation of postfix upstream [1].

by using `smtpd_data_restrictions` instead of the newer
`smtpd_forbid_unauth_pipelining` the fix works for both PMG 7 and 8.

Tested with a handcrafted smtp-smuggling-session and verifying that:
* without the fix I get 2 mails
* with the fix I get 1 mail when sending to the external port, but
  still 2 mails when sending to the internal port

[0] https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
[1] https://www.postfix.org/smtp-smuggling.html

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
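As an added illustration of the behaviour the commit message describes (example code written for this page, not code from the commit, PMG or Postfix), the script below models an inbound SMTP server replaying a client session. The server model, the two sample sessions and the `deliveries()` helper are constructed for the example. It assumes the pre-fix server honours a bare-LF variant of the end-of-data marker, which is the leniency SMTP smuggling relies on and what the "2 mails without the fix" observation implies, and it models `reject_unauth_pipelining` at DATA as: any client bytes that arrive together with the DATA command, before the server could answer 354, are unauthorized pipelining.

```python
"""Model of how a DATA-stage pipelining check defeats SMTP smuggling.

Added illustration; not PMG or Postfix code.  Simplifications: command
lines end at LF (CR stripped); a lenient server also ends DATA on bare-LF
variants of CRLF.CRLF; the pipelining check fires when a DATA command is
followed by more client bytes in the same write (client did not wait
for the 354 reply).
"""

# End-of-data markers.  RFC 5321 defines only CRLF.CRLF; a server that
# also honours the bare-LF variants is the one SMTP smuggling targets.
STRICT_EOD = (b"\r\n.\r\n",)
LENIENT_EOD = (b"\r\n.\r\n", b"\n.\r\n", b"\r\n.\n", b"\n.\n")


def find_eod(buf, start, markers):
    """Return (index, length) of the earliest recognised marker, or None."""
    best = None
    for m in markers:
        i = buf.find(m, start)
        if i != -1 and (best is None or i < best[0]):
            best = (i, len(m))
    return best


def run_server(writes, eod_markers, reject_unauth_pipelining):
    """Replay client writes through a minimal SMTP server.

    `writes` lists the byte strings the client sends; a new element means
    the client waited for a server reply before sending it.  Returns
    (accepted, replies): accepted is a list of (sender, body) tuples,
    replies the status codes the server emitted, in order.
    """
    accepted, replies = [], []
    sender, in_data, body = None, False, b""
    for chunk in writes:
        pos = 0
        while pos < len(chunk):
            if in_data:
                hit = find_eod(chunk, pos, eod_markers)
                if hit is None:            # body continues in a later write
                    body += chunk[pos:]
                    break
                body += chunk[pos:hit[0]]
                accepted.append((sender, body))
                replies.append(250)
                pos = hit[0] + hit[1]
                in_data, body = False, b""
                continue
            nl = chunk.find(b"\n", pos)
            if nl == -1:
                break                      # partial command line, ignored here
            line = chunk[pos:nl].rstrip(b"\r")
            pos = nl + 1
            verb = line.split(b":", 1)[0].upper()
            if verb == b"MAIL FROM":
                sender = line.split(b":", 1)[1].strip()
                replies.append(250)
            elif verb == b"RCPT TO":
                replies.append(250)
            elif line.upper() == b"DATA":
                # reject_unauth_pipelining at DATA (modelled): a client may
                # pipeline up to DATA but must then wait for the 354 reply.
                if reject_unauth_pipelining and pos < len(chunk):
                    replies.append(503)
                else:
                    replies.append(354)
                    in_data = True
            else:
                replies.append(500)        # body lines leaking into command mode
    return accepted, replies


# Constructed attacker session: a harmless first message whose body carries
# a bare-LF "end of data" followed by a second, spoofed message.
SMUGGLING_SESSION = [
    b"MAIL FROM:<attacker@example.net>\r\nRCPT TO:<victim@example.org>\r\nDATA\r\n",
    b"From: attacker@example.net\r\nSubject: hi\r\n\r\nHello\r\n"
    b"\n.\r\n"                             # not an RFC 5321 end-of-data
    b"MAIL FROM:<ceo@example.org>\r\nRCPT TO:<victim@example.org>\r\nDATA\r\n"
    b"From: ceo@example.org\r\nSubject: urgent\r\n\r\nPay now\r\n"
    b"\r\n.\r\n",
]

# Constructed well-behaved pipelining client (RFC 2920): commands up to
# DATA in one write, the body only after the 354.
PIPELINING_SESSION = [
    b"MAIL FROM:<alice@example.net>\r\nRCPT TO:<bob@example.org>\r\nDATA\r\n",
    b"From: alice@example.net\r\n\r\nHi Bob\r\n\r\n.\r\n",
]


def deliveries(session, port):
    """Messages accepted on a PMG-like port (hypothetical helper).  Both
    ports are modelled with the pre-fix bare-LF leniency; only the
    external port carries the data-stage pipelining check."""
    check = {"external": True, "internal": False}[port]
    accepted, _ = run_server(session, LENIENT_EOD, check)
    return len(accepted)


if __name__ == "__main__":
    for port in ("external", "internal"):
        print(port, "port:", deliveries(SMUGGLING_SESSION, port), "mail(s)")
```

Run as is, the script reports 1 mail for the external port and 2 for the internal port, the same split the commit message reports. Calling `run_server(SMUGGLING_SESSION, STRICT_EOD, False)` shows the other remedy: a server that only recognises CRLF.CRLF delivers one message whose body still contains the smuggled text, and never issues a 503. The well-behaved pipelining session is accepted with the check on, because its DATA is the last command in the write.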
src/templates/main.cf.in
src/templates/master.cf.in

src/templates/main.cf.in
index bce03538da71152c7fc97fa874c5937e49fe7e74..c689af303180c1eb03ed6a8f573f371dd9dd4443 100644 (file)
@@ -99,6 +99,8 @@ smtpd_recipient_restrictions =
 unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %]
 [% END %]
 
+smtpd_data_restrictions = reject_unauth_pipelining
+
 smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %]
 smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %]
 smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %]
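Review bot: the new `smtpd_data_restrictions = reject_unauth_pipelining` line is a bare setting with no comment, while the rationale lives only in the commit message (upstream's smtp-smuggling workaround, chosen over `smtpd_forbid_unauth_pipelining` so it works on both PMG 7 and 8). A one-line comment in the template naming the smtp-smuggling mitigation, and noting that the internal port clears it again in master.cf, would spare an admin debugging a 503 "Improper use of SMTP command pipelining" rejection a trip to the git log. Since main.cf applies this to every smtpd service that does not override it, and the master.cf hunk clears it for a single stanza, it is also worth confirming that no other smtpd listener that legitimately receives data pipelined after DATA is affected.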
src/templates/master.cf.in
index 046af19c08bacc524cd9d2c58ba896646970ea7c..7d60d1d38dd87a45e43ec08d0e68c45c4818dae2 100644 (file)
@@ -91,6 +91,7 @@ scan      unix  -       -       n       -       [% pmg.mail.max_filters %]
   -o smtpd_helo_restrictions=
   -o smtpd_client_restrictions=
   -o smtpd_sender_restrictions=
+  -o smtpd_data_restrictions=
 
 [% pmg.mail.ext_port %]       inet  n -       -       -       1 postscreen
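Review bot: `-o smtpd_data_restrictions=` deliberately leaves this service (the internal port, per the commit message's "still 2 mails" observation) open to the smuggling pattern, but neither the hunk nor the message says why the restriction must be cleared there. A short comment on the `-o` line, next to the other cleared restrictions, stating the trust assumption for the internal port (only internal mail servers are expected to reach it) would record this as an accepted risk rather than an oversight. Note also that the empty value replaces the main.cf value entirely, so any data-stage restriction added to main.cf.in in future is silently dropped on this port as well.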