2024-02-28 16:16:19 by Takahiro Kambe | Files touched by this commit (2)
Log message:
mail/postfix: update to 3.8.5
3.8.5 (2024-01-22)
Security: this release improves support to defend against an email
spoofing attack (SMTP smuggling) on recipients at a Postfix server. For
background, see https://www.postfix.org/smtp-smuggling.html.
The improvements provide better logging, and better compatibility with
existing SMTP clients (less need to allowlist clients).
Sites concerned about SMTP smuggling attacks should enable this feature
on Internet-facing Postfix servers. For compatibility with non-standard
clients, Postfix by default excludes clients in mynetworks from this
countermeasure.
The recommended settings are:
# Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
# Otherwise, allow bare <LF> and process it as if the client sent
# <CR><LF>.
#
# This maintains compatibility with many legitimate SMTP client
# applications that send a mix of standard and non-standard line
# endings, but will fail to receive email from client implementations
# that do not terminate DATA content with the standard End-of-DATA
# sequence <CR><LF>.<CR><LF>.
#
# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
# The example below allowlists SMTP clients in trusted networks.
#
smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworks
Notes:
* The default setting is "smtpd_forbid_bare_newline = no" in Postfix
releases < 3.9, for compatibility reasons. This means that Postfix
is by default vulnerable to SMTP smuggling.
* The new setting "smtpd_forbid_bare_newline = normalize" is the
default for Postfix releases 3.9 and later.
* The old setting "smtpd_forbid_bare_newline = yes" is now an alias for
"smtpd_forbid_bare_newline = normalize".
* The new setting "smtpd_forbid_bare_newline = reject" will refuse
commands or message content with a bare newline. For details see
the RELEASE_NOTES or the postconf(5) documentation.
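The bare-newline rule behind the "normalize" and "reject" settings above, as an added illustrative model (not Postfix code): it splits a DATA stream into lines, counts bare <LF>s, and treats only the raw byte sequence <CR><LF>.<CR><LF> as End-of-DATA. The legacy "no" mode and dot-unstuffing are left out by assumption.

```python
# Illustrative model of smtpd_forbid_bare_newline = normalize / reject
# (added here; not Postfix code). Only the line-level rule is modelled:
# what counts as a bare <LF>, and what counts as End-of-DATA.
# The legacy "no" mode and dot-unstuffing are deliberately omitted.

class BareNewlineError(Exception):
    """Raised in 'reject' mode; text mirrors the reply quoted in the notes."""


def split_lines(raw: bytes):
    """Split a DATA stream into (content, terminator) pairs.

    terminator is <CR><LF> for a standard line, a bare <LF>, or b"" for
    an unterminated trailing fragment.
    """
    lines, start = [], 0
    while start < len(raw):
        nl = raw.find(b"\n", start)
        if nl < 0:
            lines.append((raw[start:], b""))
            break
        if nl > start and raw[nl - 1] == 0x0D:        # <CR><LF>
            lines.append((raw[start:nl - 1], b"\r\n"))
        else:                                          # bare <LF>
            lines.append((raw[start:nl], b"\n"))
        start = nl + 1
    return lines


def read_data(raw: bytes, mode: str = "normalize"):
    """Return (message_lines, end_of_data_seen, bare_lf_count).

    End-of-DATA is a "." line terminated by <CR><LF> whose preceding line
    also ended in <CR><LF>, i.e. the raw sequence <CR><LF>.<CR><LF>
    (stream start counts as "after <CR><LF>"). In "normalize" mode any
    other bare <LF> is processed as if the client sent <CR><LF>; in
    "reject" mode the first bare <LF> ends the session with an error.
    """
    if mode not in ("normalize", "reject"):
        raise ValueError("only 'normalize' and 'reject' are modelled")
    message, bare, prev_term = [], 0, b"\r\n"
    for content, term in split_lines(raw):
        if content == b"." and term == b"\r\n" and prev_term == b"\r\n":
            return message, True, bare                 # standard End-of-DATA
        if term == b"\n":
            if mode == "reject":
                raise BareNewlineError("Error: bare <LF> received")
            bare += 1                                  # counted for logging
        prev_term = term                               # compare RAW terminators
        message.append(content)                        # stored as a CRLF line
    return message, False, bare                        # no End-of-DATA seen
```

A "<LF>.<CR><LF>" or "<CR><LF>.<LF>" sequence inside the stream is therefore an ordinary content line under "normalize", and the message ends only at the standard terminator.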
2023-12-22 18:29:18 by Thomas Klausner | Files touched by this commit (10)
Log message:
postfix*: update to 3.8.4
20230815
Bugfix (bug introduced: 20140218): when opportunistic TLS fails
during or after the handshake, don't require that a probe
message spent a minimum time-in-queue before falling back to
plaintext. Problem reported by Serg. File: smtp/smtp.h.
20230819
Bugfix (defect introduced: 19980207): the valid_hostname()
check in the Postfix DNS client library was blocking unusual
but legitimate wildcard names (*.name) in some DNS lookup
results and lookup requests. Examples:
    name              class/type   value
    *.one.example     IN CNAME     *.other.example
    *.other.example   IN A         10.0.0.1
    *.other.example   IN TLSA      ..certificate info...
Such syntax is blessed in RFC 1034 section 4.3.3.
This problem was reported first in the context of TLSA
record lookups. Files: util/valid_hostname.[hc],
dns/dns_lookup.c.
20230929
Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix
SMTP server was waiting for a client command instead of
replying immediately, after a client certificate verification
error in TLS wrappermode. Reported by Andreas Kinzler. File:
smtpd/smtpd.c.
20231006
Usability: the Postfix SMTP server now attempts to log the
SASL username after authentication failure. In Postfix
logging, this appends ", sasl_username=xxx" after the reason
for SASL authentication failure. The logging replaces an
unavailable reason with "(reason unavailable)", and replaces
an unavailable sasl_username with "(unavailable)". Based
on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c,
xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c.
20231026
Bugfix (defect introduced: Postfix 2.11): in forward_path,
the expression ${recipient_delimiter} would expand to an
empty string when a recipient address had no recipient
delimiter. Fixed by restoring Postfix 2.10 behavior to use
a configured recipient delimiter value. Reported by Tod
A. Sandman. Files: proto/postconf.proto, local/local_expand.c.
20231221
Security: with "smtpd_forbid_bare_newline = yes" (default
"no" for Postfix < 3.9), reply with "Error: bare <LF>
received" and disconnect when an SMTP client sends a line
ending in <LF>, violating the RFC 5321 requirement that
lines must end in <CR><LF>. This prevents SMTP smuggling
attacks that target a recipient at a Postfix server. For
backwards compatibility, local clients are excluded by
default with "smtpd_forbid_bare_newline_exclusions =
$mynetworks". Files: mantools/postlink, proto/postconf.proto,
global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h,
smtpd/smtpd.c.
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377)
Log message:
*: recursive bump for icu 74.1
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
2023-07-15 16:56:26 by Juraj Lutter | Files touched by this commit (2)
Log message:
postfix: Update to 3.8.1
Major changes with Postfix 3.8.1
================================
- Security: the Postfix SMTP server optionally disconnects remote SMTP clients
that violate RFC 2920 (or 5321) command pipelining constraints. The server
replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the
unexpected remote SMTP client input. Specify "smtpd_forbid_unauth_pipelining
= yes" to enable. This feature is enabled by default in Postfix 3.9 and
later.
- Workaround to limit collateral damage from OS distributions that crank up
security to 11, increasing the number of plaintext email deliveries. This
introduces basic OpenSSL configuration file support, with two new parameters
"tls_config_file" and "tls_config_name". Details are in the postconf(5)
manpage under "tls_config_file" and "tls_config_name".
Full release notes:
http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.8.1.RELEASE_NOTES
2023-05-08 06:30:44 by Frédéric Fauberteau | Files touched by this commit (3)
Log message:
postfix: Update to 3.8.0
upstream changes:
-----------------
Postfix 3.7.8
o Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based
on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup =
submission" and "relayhost = example.com:submission", the Postfix SMTP
client will look up DNS SRV records for _submission._tcp.example.com, and
will relay email through the hosts and ports that are specified with those
records.
o TLS obsolescence: Postfix now treats the "export" and "low" cipher grade
settings as "medium". The "export" and "low" grades are no longer supported
in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later.
Also, Postfix default settings now exclude deprecated or unused ciphers
(SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
(DH, ECDH), and public key algorithm (DSS).
o Attack resistance: the Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by network block
instead of by IP address, to raise the bar against a memory exhaustion
attack in the anvil(8) server; Postfix TLS support unconditionally disables
TLS renegotiation in the middle of an SMTP connection, to avoid a CPU
exhaustion attack.
o The PostgreSQL client encoding is now configurable with the "encoding"
Postfix configuration file attribute. The default is "UTF8". Previously the
encoding was hard-coded as "LATIN1", which is not useful in the context of
SMTP.
o The postconf command now warns for #comment in or after a Postfix parameter
value. Postfix programs do not support #comment after other text, and treat
that as input.
2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359)
Log message:
revbump after textproc/icu update
2023-01-28 10:28:31 by Takahiro Kambe | Files touched by this commit (5)
Log message:
mail/postfix: update to 3.7.4
Postfix 3.7.4 (2023-01-22)
* Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP
protocol implements application-level framing, and is therefore not
affected by TLS truncation attacks. Fix by Viktor Dukhovni.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return
lazily-bound handles for digest implementations. In sufficiently
hostile configurations, Postfix could mistakenly believe that a digest
algorithm is available, and fail when it is not. A similar workaround
may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni.
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should
evaluate the argument only if there was no prior error. Found during
code review.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a
segmentation violation when postscreen_dnsbl_threshold < 1. It
should reject such input with a fatal error instead. Discovered by
Benny Pedersen.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS)
versions. Viktor Dukhovni.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables
support inline specification only in Postfix 3.7 and later.
2022-11-23 17:21:30 by Adam Ciarcinski | Files touched by this commit (1878)
Log message:
massive revision bump after textproc/icu update
2022-10-15 22:34:57 by Frédéric Fauberteau | Files touched by this commit (3)
Log message:
postfix: Update to 3.7.3
upstream changes:
Postfix 3.7.3
o This fixes a bug where some messages were not delivered after "warning:
Unexpected record type 'X'.