• Info

  • Postfix - SMTP Smuggling Attack

Hi Walter H,

thanks for your afforts to keep us on the safe side :-)

Perhaps I have mistaken, but I get the following errormessage when executing postfix check

postfix: fatal: bad numerical configuration: compatibility_level = 3.7

OS is suse (the Appliance).

can you help somehow?

Thank you

If you have an older OS, try compatibility_level = 3.6 or 3.5.

ok thanks, went all the way down to 3 and that worked. now it is "only" complaining about the two new parameters

    emtie down to 3

    which OS and which Postfix version you are using?

      cat /etc/os-release says:

      NAME="grommunio"
VERSION="2023.11.2"
ID"grommunio-lds"
ID_LIKE="suse"
VERSION_ID="2023.11.2"
PRETTY_NAME="grommunio"
...

      And postconf -d | grep mail_version says

      mail_version = 3.5.9

      Your postfix seams to be outdated, my system reports:

      # cat /etc/os-release
NAME="grommunio"
VERSION="2023.11.2"
ID="grommunio-lds"
ID_LIKE="suse"
VERSION_ID="2023.11.2"
PRETTY_NAME="grommunio"
ANSI_COLOR="0;36"
HOME_URL="https://grommunio.com/"
DOCUMENTATION_URL="https://docs.grommunio.com/"

      My Postfix reports: 3.7.3, this is the expected version.

      # postconf -d | grep mail_version
mail_version = 3.7.3

      Try to update your system:
      zypper ref -f; zypper up
      or better:
      zypper ref -f; zypper dup

      Hi WalterH,

      I did zypper ref -f; zypper dup but zypper did hold back some update. those updates are "bind-utils gio-branding-openSUSE postfix postfix-mysql xen-libs yast2-network"

      First Error Message is:
      "Nichts stellt libuv1 = 1.44.2 bereit, dass vom zu installierenden bind-utils-9.16.42-150500.8.3.1.x86_64 benötigt wird"

      what can i do? I don't know if the respoitory is of interest or relevant for the error - I am on the supported version repository...

      So, did try to update only postfix by using zypper update postfix ->Problem: nichts stellt 'liblmdb-0.9.30.so()(64bit)' bereit, das vom zu installierenden postfix-3.7.3-150500.3.11.1.x86_64 benötigt wird

      hmpft, does somebody have a solution for this?

      found the solution. the base respository was on openSUSE version 15.4. while the grommunio repositories were von 15.5... after updating everything worked well

      did you run a zypper ref -f; zypper dup to update all packages?

      a year later

      SuSE implemented the fix for the SMTP Smuggling attack with Open SuSE 15.6.

      • update to Open SuSE 15.6 https://community.grommunio.com/d/1879-update-form-open-suse-155-to-156 and modify the /etc/postfix/main.cf file.

      • Set the compatibility level to 3.8 (a requirement):
        postconf compatibility_level=3.8

      • Add the two new parameters
        postconf smtpd_forbid_bare_newline = yes
        postconf smtpd_forbid_bare_newline_exclusions = $mynetworks

      • Check the Postfix configuration:
        postfix check
        Please not, SuSE should not report any issues any longer.

      • Restart Postfix:
        systemctl restart postfix

      © 2020-2024 grommunio GmbH. All rights reserved. | https://grommunio.com | Data Protection | Legal notice