server handles stray <CR> or <LF> characters. Files:
global/mail_params.h, cleanup/cleanup.c, cleanup/cleanup_message.c,
mantools/postlink, proto/postconf.proto.
+
+20240110
+
+ Cleanup: the smtpd_forbid_bare_newline settings "normalize"
+ and "reject" are now more similar. Both now unconditionally
+ require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
+ Files: smtpd/smtpd.c, proto/postconf.proto, RELEASE_NOTES.
license of their choice. Those who are more comfortable with the
IPL can continue with that license.
-Incompatibility with snapshot 20240109
+Incompatibility with snapshot 20240110
=======================================
Outbound SMTP smuggling: with "cleanup_replace_stray_cr_lf = yes", the
content management.
This prevents outbound SMTP smuggling, where an attacker uses Postfix
-to send a non-standard End-of-DATA sequence that triggers inbound
-SMTP smuggling at a remote SMTP server.
+to send email with a non-standard End-of-DATA sequence that exploits
+inbound SMTP smuggling at a vulnerable SMTP server.
-This also ensures that the evaluation of Postfix-added DKIM etc.
-signatures will not depend on how a remote mail server handles stray <CR>
-or <LF> characters.
+This also ensures that the evaluation of Postfix-added DKIM and
+other signatures will not depend on how a remote mail server handles
+stray <CR> or <LF> characters.
This feature applies to all email that Postfix locally or remotely
-out. It is not allowlisted based on client identity.
+sends out. It is not allowlisted based on client identity.
-Major changes with snapshot 20240106
-====================================
-
-Inbound SMTP smuggling: strip extra <CR> in <CR><LF>.<CR><CR><LF>,
-to silence some tools that send attack sequences that are not viable.
-Details at https://www.postfix.org/false-smuggling-claims.html
-
-Major changes with snapshot 20240102
+Major changes with snapshot 20240110
====================================
This updates Postfix fixes for SMTP smuggling attacks, For background,
see https://www.postfix.org/smtp-smuggling.html
-This release improves configuration (see below) and logging for rejected
-input (it now includes helo, mail, and rcpt information if available).
This will be back ported to Postfix 3.8.5, 3.7.10, 3.6.14, and 3.5.24.
-- The new setting "smtpd_forbid_bare_newline = normalize" allows
- bare newlines from local and remote SMTP clients that send bare
- newlines consistently, and maintains more compatibility with
- infrastructure tools such as probers and surveys.
+- Improved logging for rejected input (it now includes queue ID,
+ helo, mail, and rcpt, if available).
-- The new setting "smtpd_forbid_bare_newline = reject" rejects a
- command or message that contains a bare newline. To disconnect
+- The new default setting "smtpd_forbid_bare_newline = normalize"
+ requires the standard End-of-DATA sequence <CR><LF>.<CR><LF>, and
+ allows bare newlines from local and remote SMTP clients, maintaining
+ more compatibility with infrastructure tools such as probers and
+ surveys.
+
+- The new setting "smtpd_forbid_bare_newline = reject" requires
+ the standard End-of-DATA sequence <CR><LF>.<CR><LF>, and rejects
+ a command or message that contains a bare newline. To disconnect
the client, specify "smtpd_forbid_bare_newline_reject_code = 521".
- The old setting "yes" has become an alias for "normalize".
The recommended Postfix 3.9 settings (i.e. the defaults) are now:
- # Allow bare newlines from local and remote SMTP clients. If any DATA
- # content line ends in <CR><LF>, require the standard End-of-DATA form
- # <CR><LF>.<CR><LF>, and skip other End-of-DATA forms.
+ # Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
+ # Allow bare newlines from local and remote SMTP clients.
#
- # This may cause problems for legitimate clients that send
- # non-standard line endings such web applications, netcat, fax
- # machines, or load balancer health checks. Such clients need to be
- # excluded with smtpd_forbid_bare_newline_exclusions.
+ # This will cause problems for legitimate clients that send a
+ # non-standard End-of-DATA sequence such as web applications, netcat,
+ # fax machines, or load balancer health checks. Such clients need
+ # to be excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworks
Alternative settings:
- # Reject bare newlines from remote SMTP clients. Require the standard
- # End-of-DATA form <CR><LF>.<CR><LF>.
+ # Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
+ # Reject bare newlines from remote SMTP clients.
#
- # This will cause problems for legitimate clients that send
- # non-standard line endings such web applications, netcat, fax
+ # This will cause problems for legitimate clients that send any
+ # non-standard line endings such as web applications, netcat, fax
# machines, or load balancer health checks. Such clients need to be
# excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = reject
smtpd_forbid_bare_newline_exclusions = $mynetworks
+Major changes with snapshot 20240106
+====================================
+
+Inbound SMTP smuggling: strip extra <CR> in <CR><LF>.<CR><CR><LF>,
+to silence some tools that send attack sequences that are not viable.
+Details at https://www.postfix.org/false-smuggling-claims.html
+
Incompatible changes with snapshot 20231221
===========================================
<b><a href="postconf.5.html#cleanup_replace_stray_cr_lf">cleanup_replace_stray_cr_lf</a> (yes)</b>
Replace each stray <CR> or <LF> character in message content
with a space character, to prevent outbound SMTP smuggling, and
- to make the evaluation of Postfix-added DKIM etc.
+ to make the evaluation of Postfix-added DKIM or other signatures
+ independent from how a remote mail server handles such charac-
+ ters.
<b>BEFORE QUEUE MILTER CONTROLS</b>
As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
<p> Replace each stray <CR> or <LF> character in message
content with a space character, to prevent outbound SMTP smuggling,
-and to make the evaluation of Postfix-added DKIM etc. signatures
+and to make the evaluation of Postfix-added DKIM or other signatures
independent from how a remote mail server handles such characters.
</p>
<DT><b><a name="smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
(default: Postfix ≥ 3.9: normalize)</b></DT><DD>
-<p> Reject or normalize commands and email message content when a
-remote SMTP client sends lines ending in <LF>. Such line
-endings are commonly allowed with UNIX-based SMTP servers, but they
-violate the <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> requirement that lines must end in
-<CR><LF>. <.p>
+<p> Reject or normalize commands and email message content when an
+SMTP client sends lines ending in <LF>. Such line endings are
+commonly allowed with UNIX-based SMTP servers, but they violate the
+<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> requirement that lines must end in <CR><LF>.
+</p>
<p> Specify one of the following values (case does not matter): </p>
<dl compact>
-<dt> <b>normalize</b> </dt> <dd> Maintain compatibility with legacy
-SMTP clients that send lines ending in the non-standard <LF>,
-and treat those line endings as if the client sent the standard
-<CR><LF>. However, if an SMTP client sends any DATA
-content line ending in the standard <CR><LF>, require
-the standard End-of-DATA form <CR><LF>.<CR><LF>,
-and skip non-standard End-of-DATA forms. <br> This may fail to
-receive email from legitimate SMTP clients that send non-standard
-line endings such web applications, netcat, fax machines, or load
-balancer health checks. Such clients need to be excluded with
-<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>. </dd>
+<dt> <b>normalize</b> (default)</dt> <dd> Require the standard
+End-of-DATA sequence <CR><LF>.<CR><LF>.
+Otherwise, maintain compatibility with legacy SMTP clients that
+send lines ending in the non-standard <LF>, and treat those
+line endings as if the client sent the standard <CR><LF>.
+<br> This may fail to receive email from legitimate SMTP clients
+such web applications, netcat, fax machines, or load balancer health
+checks. Such clients need to be excluded with
+<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>. </dd>
<dt> <b>yes</b> </dt> <dd> Alias for "normalize". </dd>
-<dt> <b>reject</b> </dt> <dd> When an SMTP client sends a command
-or message content line ending in <LF>, log a "bare <LF>
-received" error, reject the command or message content with
-<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a>, and require the standard
-End-of-DATA form <CR><LF>.<CR><LF>. <br>
+<dt> <b>reject</b> </dt> <dd> Require the standard End-of-DATA
+sequence <CR><LF>.<CR><LF>. When an SMTP
+client sends a command or message content line ending in <LF>,
+log a "bare <LF> received" error, and reject the command or
+message content with $<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a>. <br>
This will fail to receive email from legitimate SMTP clients that
send non-standard line endings such web applications, netcat, fax
machines, or load balancer health checks. Such clients need to be
<blockquote>
<pre>
-# Allow bare newlines from local and remote SMTP clients. If any DATA
-# content line ends in <CR><LF>, require the standard End-of-DATA form
-# <CR><LF>.<CR><LF> and skip other End-of-DATA forms.
+# Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
+# Allow bare newlines from local and remote SMTP clients.
#
-# This may cause problems for legitimate clients that send
-# non-standard line endings such as web applications, netcat, fax
-# machines, or load balancer health checks. Such clients need to be
-# excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
+# This will cause problems for legitimate clients that send a
+# non-standard End-of-DATA sequence such as web applications, netcat,
+# fax machines, or load balancer health checks. Such clients need
+#
to be excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
#
<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = normalize
<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
<blockquote>
<pre>
-# Reject bare newlines from remote SMTP clients. Require the standard
-# End-of-DATA form <CR><LF>.<CR><LF>.
+# Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
+# Reject bare newlines from remote SMTP clients.
#
-# This will cause problems for legitimate clients that send
+# This will cause problems for legitimate clients that send any
# non-standard line endings such as web applications, netcat, fax
# machines, or load balancer health checks. Such clients need to be
# excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
<b><a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> (Postfix</b> ><b>= 3.9: normalize)</b>
- Reject or normalize commands and email message content when a
- remote SMTP client sends lines ending in <LF>.
+ Reject or normalize commands and email message content when an
+ SMTP client sends lines ending in <LF>.
<b><a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
Exclude the specified clients from <a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
.SH cleanup_replace_stray_cr_lf (default: yes)
Replace each stray <CR> or <LF> character in message
content with a space character, to prevent outbound SMTP smuggling,
-and to make the evaluation of Postfix\-added DKIM etc. signatures
+and to make the evaluation of Postfix\-added DKIM or other signatures
independent from how a remote mail server handles such characters.
.PP
SMTP does not allow such characters unless they are part of a
.PP
This feature is available in Postfix 2.0 and later.
.SH smtpd_forbid_bare_newline (default: Postfix >= 3.9: normalize)
-Reject or normalize commands and email message content when a
-remote SMTP client sends lines ending in <LF>. Such line
-endings are commonly allowed with UNIX\-based SMTP servers, but they
-violate the RFC 5321 requirement that lines must end in
-<CR><LF>. <.p>
+Reject or normalize commands and email message content when an
+SMTP client sends lines ending in <LF>. Such line endings are
+commonly allowed with UNIX\-based SMTP servers, but they violate the
+RFC 5321 requirement that lines must end in <CR><LF>.
.PP
Specify one of the following values (case does not matter):
-.IP "\fBnormalize\fR"
-Maintain compatibility with legacy
-SMTP clients that send lines ending in the non\-standard <LF>,
-and treat those line endings as if the client sent the standard
-<CR><LF>. However, if an SMTP client sends any DATA
-content line ending in the standard <CR><LF>, require
-the standard End\-of\-DATA form <CR><LF>.<CR><LF>,
-and skip non\-standard End\-of\-DATA forms.
-.br
-This may fail to
-receive email from legitimate SMTP clients that send non\-standard
-line endings such web applications, netcat, fax machines, or load
-balancer health checks. Such clients need to be excluded with
+.IP "\fBnormalize\fR (default)"
+Require the standard
+End\-of\-DATA sequence <CR><LF>.<CR><LF>.
+Otherwise, maintain compatibility with legacy SMTP clients that
+send lines ending in the non\-standard <LF>, and treat those
+line endings as if the client sent the standard <CR><LF>.
+.br
+This may fail to receive email from legitimate SMTP clients
+such web applications, netcat, fax machines, or load balancer health
+checks. Such clients need to be excluded with
smtpd_forbid_bare_newline_exclusions.
.br
.IP "\fByes\fR"
Alias for "normalize".
.br
.IP "\fBreject\fR"
-When an SMTP client sends a command
-or message content line ending in <LF>, log a "bare <LF>
-received" error, reject the command or message content with
-smtpd_forbid_bare_newline_reject_code, and require the standard
-End\-of\-DATA form <CR><LF>.<CR><LF>.
+Require the standard End\-of\-DATA
+sequence <CR><LF>.<CR><LF>. When an SMTP
+client sends a command or message content line ending in <LF>,
+log a "bare <LF> received" error, and reject the command or
+message content with $smtpd_forbid_bare_newline_reject_code.
.br
This will fail to receive email from legitimate SMTP clients that
send non\-standard line endings such web applications, netcat, fax
.nf
.na
.ft C
-# Allow bare newlines from local and remote SMTP clients. If any DATA
-# content line ends in <CR><LF>, require the standard End\-of\-DATA form
-# <CR><LF>.<CR><LF> and skip other End\-of\-DATA forms.
+# Require the standard End\-of\-DATA sequence <CR><LF>.<CR><LF>.
+# Allow bare newlines from local and remote SMTP clients.
#
-# This may cause problems for legitimate clients that send
-# non\-standard line endings such as web applications, netcat, fax
-# machines, or load balancer health checks. Such clients need to be
-# excluded with smtpd_forbid_bare_newline_exclusions.
+# This will cause problems for legitimate clients that send a
+# non\-standard End\-of\-DATA sequence such as web applications, netcat,
+# fax machines, or load balancer health checks. Such clients need
+# to be excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworks
.nf
.na
.ft C
-# Reject bare newlines from remote SMTP clients. Require the standard
-# End\-of\-DATA form <CR><LF>.<CR><LF>.
+# Require the standard End\-of\-DATA sequence <CR><LF>.<CR><LF>.
+# Reject bare newlines from remote SMTP clients.
#
-# This will cause problems for legitimate clients that send
+# This will cause problems for legitimate clients that send any
# non\-standard line endings such as web applications, netcat, fax
# machines, or load balancer health checks. Such clients need to be
# excluded with smtpd_forbid_bare_newline_exclusions.
.IP "\fBcleanup_replace_stray_cr_lf (yes)\fR"
Replace each stray <CR> or <LF> character in message
content with a space character, to prevent outbound SMTP smuggling,
-and to make the evaluation of Postfix\-added DKIM etc.
+and to make the evaluation of Postfix\-added DKIM or other signatures
+independent from how a remote mail server handles such characters.
.SH "BEFORE QUEUE MILTER CONTROLS"
.na
.nf
.PP
Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
.IP "\fBsmtpd_forbid_bare_newline (Postfix >= 3.9: normalize)\fR"
-Reject or normalize commands and email message content when a
-remote SMTP client sends lines ending in <LF>.
+Reject or normalize commands and email message content when an
+SMTP client sends lines ending in <LF>.
.IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
Exclude the specified clients from smtpd_forbid_bare_newline
enforcement.
s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g;
s;\bsmtpd_expansion_filter\b;<a href="postconf.5.html#smtpd_expansion_filter">$&</a>;g;
s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bidden_commands\b;<a href="postconf.5.html#smtpd_forbidden_commands">$&</a>;g;
- s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline\b;<a href="postconf.5.html#smtpd_forbid_bare_newline">$&</a>;g;
- s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline_reject_code\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">$&</a>;g;
- s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline_exclusions\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">$&</a>;g;
+ s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new
[-</bB>]*\n*[ <bB>]*line\b;<a href="postconf.5.html#smtpd_forbid_bare_newline">$&</a>;g;
+ s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new
[-</bB>]*\n*[ <bB>]*line_reject_code\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">$&</a>;g;
+ s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new
[-</bB>]*\n*[ <bB>]*line_exclusions\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">$&</a>;g;
s;\bcleanup_replace_stray_cr_lf\b;<a href="postconf.5.html#cleanup_replace_stray_cr_lf">$&</a>;g;
s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_unauth_pipelining\b;<a href="postconf.5.html#smtpd_forbid_unauth_pipelining">$&</a>;g;
s;\bsmtpd_hard_error_limit\b;<a href="postconf.5.html#smtpd_hard_error_limit">$&</a>;g;
%PARAM smtpd_forbid_bare_newline Postfix ≥ 3.9: normalize
-<p> Reject or normalize commands and email message content when a
-remote SMTP client sends lines ending in <LF>. Such line
-endings are commonly allowed with UNIX-based SMTP servers, but they
-violate the RFC 5321 requirement that lines must end in
-<CR><LF>. <.p>
+<p> Reject or normalize commands and email message content when an
+SMTP client sends lines ending in <LF>. Such line endings are
+commonly allowed with UNIX-based SMTP servers, but they violate the
+RFC 5321 requirement that lines must end in <CR><LF>.
+</p>
<p> Specify one of the following values (case does not matter): </p>
<dl compact>
-<dt> <b>normalize</b> </dt> <dd> Maintain compatibility with legacy
-SMTP clients that send lines ending in the non-standard <LF>,
-and treat those line endings as if the client sent the standard
-<CR><LF>. However, if an SMTP client sends any DATA
-content line ending in the standard <CR><LF>, require
-the standard End-of-DATA form <CR><LF>.<CR><LF>,
-and skip non-standard End-of-DATA forms. <br> This may fail to
-receive email from legitimate SMTP clients that send non-standard
-line endings such web applications, netcat, fax machines, or load
-balancer health checks. Such clients need to be excluded with
-smtpd_forbid_bare_newline_exclusions. </dd>
+<dt> <b>normalize</b> (default)</dt> <dd> Require the standard
+End-of-DATA sequence <CR><LF>.<CR><LF>.
+Otherwise, maintain compatibility with legacy SMTP clients that
+send lines ending in the non-standard <LF>, and treat those
+line endings as if the client sent the standard <CR><LF>.
+<br> This may fail to receive email from legitimate SMTP clients
+such web applications, netcat, fax machines, or load balancer health
+checks. Such clients need to be excluded with
+smtpd_forbid_bare_newline_exclusions. </dd>
<dt> <b>yes</b> </dt> <dd> Alias for "normalize". </dd>
-<dt> <b>reject</b> </dt> <dd> When an SMTP client sends a command
-or message content line ending in <LF>, log a "bare <LF>
-received" error, reject the command or message content with
-smtpd_forbid_bare_newline_reject_code, and require the standard
-End-of-DATA form <CR><LF>.<CR><LF>. <br>
+<dt> <b>reject</b> </dt> <dd> Require the standard End-of-DATA
+sequence <CR><LF>.<CR><LF>. When an SMTP
+client sends a command or message content line ending in <LF>,
+log a "bare <LF> received" error, and reject the command or
+message content with $smtpd_forbid_bare_newline_reject_code. <br>
This will fail to receive email from legitimate SMTP clients that
send non-standard line endings such web applications, netcat, fax
machines, or load balancer health checks. Such clients need to be
<blockquote>
<pre>
-# Allow bare newlines from local and remote SMTP clients. If any DATA
-# content line ends in <CR><LF>, require the standard End-of-DATA form
-# <CR><LF>.<CR><LF> and skip other End-of-DATA forms.
+# Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
+# Allow bare newlines from local and remote SMTP clients.
#
-# This may cause problems for legitimate clients that send
-# non-standard line endings such as web applications, netcat, fax
-# machines, or load balancer health checks. Such clients need to be
-# excluded with smtpd_forbid_bare_newline_exclusions.
+# This will cause problems for legitimate clients that send a
+# non-standard End-of-DATA sequence such as web applications, netcat,
+# fax machines, or load balancer health checks. Such clients need
+# to be excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworks
<blockquote>
<pre>
-# Reject bare newlines from remote SMTP clients. Require the standard
-# End-of-DATA form <CR><LF>.<CR><LF>.
+# Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>.
+# Reject bare newlines from remote SMTP clients.
#
-# This will cause problems for legitimate clients that send
+# This will cause problems for legitimate clients that send any
# non-standard line endings such as web applications, netcat, fax
# machines, or load balancer health checks. Such clients need to be
# excluded with smtpd_forbid_bare_newline_exclusions.
<p> Replace each stray <CR> or <LF> character in message
content with a space character, to prevent outbound SMTP smuggling,
-and to make the evaluation of Postfix-added DKIM etc. signatures
+and to make the evaluation of Postfix-added DKIM or other signatures
independent from how a remote mail server handles such characters.
</p>
/* .IP "\fBcleanup_replace_stray_cr_lf (yes)\fR"
/* Replace each stray <CR> or <LF> character in message
/* content with a space character, to prevent outbound SMTP smuggling,
-/* and to make the evaluation of Postfix-added DKIM etc.
+/* and to make the evaluation of Postfix-added DKIM or other signatures
+/* independent from how a remote mail server handles such characters.
/* BEFORE QUEUE MILTER CONTROLS
/* .ad
/* .fi
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20240109"
+#define MAIL_RELEASE_DATE "20240110"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
/* .PP
/* Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
/* .IP "\fBsmtpd_forbid_bare_newline (Postfix >= 3.9: normalize)\fR"
-/* Reject or normalize commands and email message content when a
-/* remote SMTP client sends lines ending in <LF>.
+/* Reject or normalize commands and email message content when an
+/* SMTP client sends lines ending in <LF>.
/* .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
/* Exclude the specified clients from smtpd_forbid_bare_newline
/* enforcement.
#define BARE_LF_FLAG_NORMALIZE (1<<0) /* Best effort */
#define BARE_LF_FLAG_REJECT (1<<1) /* Purist */
-#define IS_BARE_LF_NORMALIZE(m) ((m) & BARE_LF_FLAG_NORMALIZE)
#define IS_BARE_LF_REJECT(m) ((m) & BARE_LF_FLAG_REJECT)
+#define IS_BARE_LF_DETECT(m) ((m) != 0)
static const NAME_CODE bare_lf_masks[] = {
"normalize", BARE_LF_FLAG_NORMALIZE,
int prev_rec_type;
int first = 1;
int prev_detected_bare_lf = 0;
- int require_crlf_dot_crlf = IS_BARE_LF_REJECT(smtp_forbid_bare_lf);
+ int require_crlf_dot_crlf = IS_BARE_LF_DETECT(smtp_forbid_bare_lf);
/*
* If deadlines are enabled, increase the time budget as message content
* because sendmail permits it.
*/
for (prev_rec_type = 0; /* void */ ; prev_rec_type = curr_rec_type,
- require_crlf_dot_crlf = (require_crlf_dot_crlf ||
- (IS_BARE_LF_NORMALIZE(smtp_forbid_bare_lf)
- && smtp_detected_bare_lf == 0)),
prev_detected_bare_lf = smtp_detected_bare_lf) {
if (smtp_get(state->buffer, state->client, var_line_limit,
SMTP_GET_FLAG_NONE) == '\n')
projects / thirdparty / postfix.git / commitdiff
