CVS commit: pkgsrc/mail/postfix

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/postfix
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Wed, 28 Feb 2024 15:16:19 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Feb 28 15:16:19 UTC 2024

Modified Files:
        pkgsrc/mail/postfix: Makefile.common distinfo

Log Message:
mail/postfix: upadte to 3.8.5

3.8.5 (2024-01-22)

Security: this release improves support to defend against an email
spoofing attack (SMTP smuggling) on recipients at a Postfix server. For
background, see https://www.postfix.org/smtp-smuggling.html.

The improvements provide better logging, and better compatibility with
existing SMTP clients (less need to allowlist clients).

Sites concerned about SMTP smuggling attacks should enable this feature
on Internet-facing Postfix servers. For compatibility with non-standard
clients, Postfix by default excludes clients in mynetworks from this
countermeasure.

The recommended settings are:

    # Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
    # Otherwise, allow bare <LF> and process it as if the client sent
    # <CR><LF>.
    #
    # This maintains compatibility with many legitimate SMTP client
    # applications that send a mix of standard and non-standard line
    # endings, but will fail to receive email from client implementations
    # that do not terminate DATA content with the standard End-of-DATA
    # sequence <CR><LF>.<CR><LF>.
    #
    # Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions.
    # The example below allowlists SMTP clients in trusted networks.
    #
    smtpd_forbid_bare_newline = normalize
    smtpd_forbid_bare_newline_exclusions = $mynetworks

Notes:

  * The default setting is "smtpd_forbid_bare_newline = no" in Postfix
    releases < 3.9, for compatibility reasons. This means that Postfix
    is by default vulnerable to SMTP smuggling.

  * The new setting "smtpd_forbid_bare_newline = normalize" is the
    default for Postfix releases 3.9 and later.

  * The old setting "smtpd_forbid_bare_newline = yes" is now an alias for
    "smtpd_forbid_bare_newline = normalize".

  * The new setting "smtpd_forbid_bare_newline = reject" will refuse
    commands or message content with a bare newline. For details see
    the RELEASE_NOTES or the postconf(5) documentation.


To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/mail/postfix/Makefile.common
cvs rdiff -u -r1.207 -r1.208 pkgsrc/mail/postfix/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/postfix/Makefile.common
diff -u pkgsrc/mail/postfix/Makefile.common:1.46 pkgsrc/mail/postfix/Makefile.common:1.47
--- pkgsrc/mail/postfix/Makefile.common:1.46    Fri Dec 22 17:29:17 2023
+++ pkgsrc/mail/postfix/Makefile.common Wed Feb 28 15:16:19 2024
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.46 2023/12/22 17:29:17 wiz Exp $
+# $NetBSD: Makefile.common,v 1.47 2024/02/28 15:16:19 taca Exp $
 # used by mail/postfix/Makefile
 # used by mail/postfix/Makefile.module
 
-DISTNAME=      postfix-3.8.4
+DISTNAME=      postfix-3.8.5
 CATEGORIES=    mail
 MASTER_SITES=  ftp://ftp.porcupine.org/mirrors/postfix-release/official/
 

Index: pkgsrc/mail/postfix/distinfo
diff -u pkgsrc/mail/postfix/distinfo:1.207 pkgsrc/mail/postfix/distinfo:1.208
--- pkgsrc/mail/postfix/distinfo:1.207  Fri Dec 22 17:29:17 2023
+++ pkgsrc/mail/postfix/distinfo        Wed Feb 28 15:16:19 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.207 2023/12/22 17:29:17 wiz Exp $
+$NetBSD: distinfo,v 1.208 2024/02/28 15:16:19 taca Exp $
 
-BLAKE2s (postfix-3.8.4.tar.gz) = f0c1556f2d66b34d0ecb52d84846daec03fdbbfbf743d30a35e1b7d91f30e8e6
-SHA512 (postfix-3.8.4.tar.gz) = 5bae3d62e104714aead1fff28a595bab4315227382f53c8dae2a231f4240e31abda19c1e3befc1db4c89bc5d66c9a43830390365aadabdac5cf36b493c5c48c7
-Size (postfix-3.8.4.tar.gz) = 4864184 bytes
+BLAKE2s (postfix-3.8.5.tar.gz) = c7a28244e2ea352f4631c30fe255e2946cf07a1473401ebc850c55578f4bebde
+SHA512 (postfix-3.8.5.tar.gz) = 26005da5750e7af742f4fc7596ae8320467176e069546c3487418c663b54f56734b4a6541665b8d72d94df2e0fd4f68a2bcc44c50a6d950334d5a5fb2293dff4
+Size (postfix-3.8.5.tar.gz) = 4871284 bytes
 SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c
 SHA1 (patch-ag) = 8ab3cfafa63056f9a7f096da7e55bcccab965180
 SHA1 (patch-ai) = 3d143532e1e9a149c6c06e2efadcd34f6f72e82d

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index