mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal

Question regarding smuggling protection in main.cf #2427

Open myfirstnameispaul opened 3 months ago

myfirstnameispaul commented 3 months ago

I was just noticing that main.cf is configured for SMTP smuggling protection with this line:

smtpd_forbid_bare_newline = normalize

The Long-term fix provided by the Postfix documentation states to use:

smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworks

I was just wondering why the exclusion was left out?

https://www.postfix.org/smtp-smuggling.html

kiekerjan commented 3 months ago

Perhaps the advice changed after we did the changes to mail-in-a-box? Also, it looks to me like the default is smtpd_forbid_bare_newline_exclusions = $mynetworks if it is not set.
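An added example, not part of the thread or of Mail-in-a-Box's code: a small main.cf audit showing that the one-line configuration from the issue and the two-line form from the Postfix page resolve to the same exclusions value. It assumes the documented postconf(5) default of `$mynetworks` for `smtpd_forbid_bare_newline_exclusions`; the function names and sample configs are constructed for illustration, and `-o` overrides in master.cf are not considered.

```python
import re

# Assumption: documented Postfix default for the exclusions parameter (postconf(5)).
DEFAULT_EXCLUSIONS = "$mynetworks"

# Constructed samples: the single line quoted in the issue, and the two-line
# form quoted from the Postfix SMTP smuggling page.
ISSUE_CONFIG = "# constructed sample\nsmtpd_forbid_bare_newline = normalize\n"
DOC_CONFIG = (
    "smtpd_forbid_bare_newline = normalize\n"
    "smtpd_forbid_bare_newline_exclusions = $mynetworks\n"
)

def parse_main_cf(text):
    """Parse main.cf text into {name: value}, following main.cf syntax:
    comments and blank lines are ignored, a line starting with whitespace
    continues the previous logical line, and the last setting of a name wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # continuation line
        else:
            logical.append(raw.strip())
    settings = {}
    for line in logical:
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_bare_newline(text):
    """Report the bare-newline settings and whether the exclusions value
    is set explicitly in the file or falls back to the built-in default."""
    s = parse_main_cf(text)
    excl = s.get("smtpd_forbid_bare_newline_exclusions")
    return {
        # None means "not set in this file"; the built-in default for the
        # mode itself depends on the Postfix version, so it is not guessed.
        "mode": s.get("smtpd_forbid_bare_newline"),
        "exclusions": DEFAULT_EXCLUSIONS if excl is None else excl,
        "exclusions_source": "built-in default" if excl is None else "main.cf",
    }

if __name__ == "__main__":
    for name, cfg in (("issue", ISSUE_CONFIG), ("postfix doc", DOC_CONFIG)):
        print(name, audit_bare_newline(cfg))
```

On a live host, `postconf smtpd_forbid_bare_newline smtpd_forbid_bare_newline_exclusions` prints the effective values, and `postconf -n` lists only what main.cf sets explicitly.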