and "normalize". The default setting "normalize" (and "yes")
will accept bare newlines from local or remote SMTP clients,
but if any DATA content line ends in <CR><LF>, require the
- standard End-of-DATA form <CR><LF>.<CR><LF> and skip plus
- log non-standard End-of-DATA forms. This may fail to receive
+ standard End-of-DATA form <CR><LF>.<CR><LF> and skip
+ non-standard End-of-DATA forms. This may fail to receive
email from legitimate clients that send a mix of lines
ending in <LF> and <CR><LF>. If such clients exist, they
need to be excluded with smtpd_forbid_bare_newline_exclusions.
Tooling: mantools/dehtml was breaking words in code examples,
causing false spellchecker errors. File: mantools/dehtml,
proto/stop.double-proto-html.
+
+20240105
+
+ Cleanup: don't spam the log with unexpected End-of-DATA
+ forms. Files: proto/postconf.proto, smtpd/smtpd.c,
+ RELEASE_NOTES.
+
+20240106
+
+ Bugfix: with smtpd_forbid_bare_newline enabled, do not
+ "strip" extra <CR> characters before <LF>. This avoids
+ ambiguity when a client sends extra <CR> characters as in
+ <CR><LF>.<CR><CR><LF>. File: global/smtp_stream.c.
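Review bot: the 20240106 entry says extra <CR> characters are no longer stripped but not what becomes of them. In the global/smtp_stream.c hunk further down, the smtp_forbid_bare_lf branch removes exactly one <CR>, so a line ending in <CR><CR><LF> is accepted as <CR><LF>-terminated with one <CR> left in the line content; a ".<CR>" line therefore has length 2 and is no longer a candidate End-of-DATA line in smtpd.c. Suggest saying that explicitly ("the extra <CR> characters remain in the line content"), since it is user-visible. The 20240105 "Cleanup" entry also undersells its smtpd/smtpd.c change, which widens the skip condition from prev_seen_bare_lf alone to (smtp_seen_bare_lf || prev_seen_bare_lf), i.e. it now also covers the <CR><LF>.<LF> form.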
This updates Postfix fixes for SMTP smuggling attacks, For background,
see https://www.postfix.org/smtp-smuggling.html
-This release improves configuration (see below) and logging (it now
-includes helo, mail, and rcpt information if available).
+This release improves configuration (see below) and logging for rejected
+input (it now includes helo, mail, and rcpt information if available).
+This will be back ported to Postfix 3.8.5, 3.7.10, 3.6.14, and 3.5.24.
+
+- Stricter enforcement of <CR><LF>.<CR><LF>; earlier versions ignored
+ extra <CR> before <LF>, causing ambiguity about what the client
+ actually sent.
- The new setting "smtpd_forbid_bare_newline = normalize" allows
bare newlines from local and remote SMTP clients that send bare
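Review bot: the new bullet "Stricter enforcement of <CR><LF>.<CR><LF>; earlier versions ignored extra <CR> before <LF>" should say which settings it applies to. In the global/smtp_stream.c hunk the single-<CR> strip sits in the smtp_forbid_bare_lf branch only; the else branch still strips every trailing <CR>, so with smtpd_forbid_bare_newline = no nothing changes. Also, the unchanged sentence just above this hunk ("...SMTP smuggling attacks, For background, see...") has a comma splice; a full stop after "attacks" would fix it.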
# Allow bare newlines from local and remote SMTP clients. If any DATA
# content line ends in <CR><LF>, require the standard End-of-DATA form
- # <CR><LF>.<CR><LF> and skip non-standard End-of-DATA forms with
- # logging that looks like:
- #
- # skipping unexpected <LF>.<LF> in DATA from...
- # skipping unexpected <LF>.<CR><LF> in DATA from...
+ # <CR><LF>.<CR><LF>, and skip other End-of-DATA forms.
#
- # This may fail to receive email from legitimate clients that send a
- # mix of lines ending in <LF> and <CR><LF>. If such clients exist,
- # they need to be excluded with smtpd_forbid_bare_newline_exclusions.
+ # This may cause problems for legitimate clients that send
+ # non-standard line endings such web applications, netcat, fax
+ # machines, or load balancer health checks. Such clients need to be
+ # excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworks
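Review bot: typo in the added comment "# non-standard line endings such web applications": missing "as" ("such as web applications"); the postconf.5.html copy of this same block further down reads "such as", so the two now differ. The comment also says other End-of-DATA forms are skipped without saying they are no longer logged; since the smtpd/smtpd.c hunk removes the msg_info() call, operators who used the old "skipping unexpected ..." line to locate misbehaving clients should be told the skip is now silent.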
Alternative settings:
- # Reject bare newlines from remote SMTP clients, but allow them from
- # local non-standard clients such as netcat, fax machines, or load
- # balancer health checks.
+ # Reject bare newlines from remote SMTP clients. Require the standard
+ # End-of-DATA form <CR><LF>.<CR><LF>.
+ #
+ # This will cause problems for legitimate clients that send
+ # non-standard line endings such web applications, netcat, fax
+ # machines, or load balancer health checks. Such clients need to be
+ # excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = reject
smtpd_forbid_bare_newline_exclusions = $mynetworks
-This will be back ported to Postfix 3.8.5, 3.7.10, 3.6.14, and 3.5.24.
-
Incompatible changes with snapshot 20231221
===========================================
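Review bot: same missing "as" in "# non-standard line endings such web applications" in the reject block. Moving the back-port sentence ("This will be back ported to Postfix 3.8.5, 3.7.10, 3.6.14, and 3.5.24.") up into the introduction is fine, but make sure it is removed here in the same change so it does not appear twice.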
<DT><b><a name="smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
(default: Postfix ≥ 3.9: normalize)</b></DT><DD>
-<p> Disconnect, reject, or normalize commands and email message
-content when a remote SMTP client sends lines ending in <LF>.
-Such line endings are commonly allowed with UNIX-based SMTP servers,
-but they violate the <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> requirement that lines must end in
+<p> Reject or normalize commands and email message content when a
+remote SMTP client sends lines ending in <LF>. Such line
+endings are commonly allowed with UNIX-based SMTP servers, but they
+violate the <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> requirement that lines must end in
<CR><LF>. <.p>
<p> Specify one of the following values (case does not matter): </p>
SMTP clients that send lines ending in the non-standard <LF>,
and treat those line endings as if the client sent the standard
<CR><LF>. However, if an SMTP client sends any DATA
-content line ending in the standard <CR><LF>, support
-only the standard End-of-DATA form
-<CR><LF>.<CR><LF>, and skip non-standard
-End-of-DATA forms after logging them as:
-<blockquote>
-<pre>
-skipping unexpected <LF>.<LF> in DATA from...
-skipping unexpected <LF>.<CR><LF> in DATA from...
-</pre>
-</blockquote>
-This may fail to receive email from legitimate SMTP clients that
-send DATA content with a mix of line endings. Such clients need
-to be excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>. </dd>
+content line ending in the standard <CR><LF>, require
+the standard End-of-DATA form <CR><LF>.<CR><LF>,
+and skip non-standard End-of-DATA forms. <br> This may fail to
+receive email from legitimate SMTP clients that send non-standard
+line endings such web applications, netcat, fax machines, or load
+balancer health checks. Such clients need to be excluded with
+<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>. </dd>
<dt> <b>yes</b> </dt> <dd> Alias for "normalize". </dd>
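Review bot: "such web applications" is missing "as". More substantively, the rewrite drops the two log-line examples because the msg_info() call is removed in smtpd.c, but the new sentence "skip non-standard End-of-DATA forms" does not tell the reader that the skip now leaves no log record at all. A word ("silently skip") would spare operators a search for a log line that no longer exists.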
<dt> <b>reject</b> </dt> <dd> When an SMTP client sends a command
or message content line ending in <LF>, log a "bare <LF>
-received" error, and reject the command or message content with
-<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a>. This will fail to receive
-email from legitimate SMTP clients that send command or message
-content with lines ending in <LF>. Such clients need to be
-excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>. </dd>
+received" error, reject the command or message content with
+<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a>, and require the standard
+End-of-DATA form <CR><LF>.<CR><LF>. <br>
+This will fail to receive email from legitimate SMTP clients that
+send non-standard line endings such web applications, netcat, fax
+machines, or load balancer health checks. Such clients need to be
+excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>. </dd>
<dt> <b>no</b> </dt> <dd> Treat all lines ending in <LF>
as if the client sent <CR><LF>. This option is fully
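Review bot: missing "as" in "such web applications". The added "and require the standard End-of-DATA form <CR><LF>.<CR><LF>" matches the smtpd.c change (expect_crlf_dot initialised from IS_BARE_LF_REJECT), but the entry does not say that, unlike "normalize", the requirement holds from the first DATA line rather than only after a <CR><LF>-terminated line has been seen; that difference is exactly what a reader comparing the two entries will look for, so it is worth one clause here.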
<blockquote>
<pre>
-# Allow bare newlines from local and remote SMTP clients. If any
-# DATA content line ends in <CR><LF>, require the standard End-of-DATA
-# form <CR><LF>.<CR><LF> and skip plus log non-standard forms.
-# This may fail to receive email from legitimate clients that send a
-# mix of lines ending in <LF> and <CR><LF>. If such clients exist,
-# they need to be excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
+# Allow bare newlines from local and remote SMTP clients. If any DATA
+# content line ends in <CR><LF>, require the standard End-of-DATA form
+# <CR><LF>.<CR><LF> and skip other End-of-DATA forms.
+#
+# This may cause problems for legitimate clients that send
+# non-standard line endings such as web applications, netcat, fax
+# machines, or load balancer health checks. Such clients need to be
+# excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
#
<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = normalize
<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
<blockquote>
<pre>
-# Reject bare newlines from remote SMTP clients, but allow them from
-# local non-standard clients such as netcat, fax machines, or load
-# balancer health checks.
+# Reject bare newlines from remote SMTP clients. Require the standard
+# End-of-DATA form <CR><LF>.<CR><LF>.
+#
+# This will cause problems for legitimate clients that send
+# non-standard line endings such as web applications, netcat, fax
+# machines, or load balancer health checks. Such clients need to be
+# excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
#
<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject
<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
<b><a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> (Postfix</b> ><b>= 3.9: normalize)</b>
- Disconnect, reject, or normalize commands and email message con-
- tent when a remote SMTP client sends lines ending in <LF>.
+ Reject or normalize commands and email message content when a
+ remote SMTP client sends lines ending in <LF>.
<b><a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
Exclude the specified clients from <a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
.PP
This feature is available in Postfix 2.0 and later.
.SH smtpd_forbid_bare_newline (default: Postfix >= 3.9: normalize)
-Disconnect, reject, or normalize commands and email message
-content when a remote SMTP client sends lines ending in <LF>.
-Such line endings are commonly allowed with UNIX\-based SMTP servers,
-but they violate the RFC 5321 requirement that lines must end in
+Reject or normalize commands and email message content when a
+remote SMTP client sends lines ending in <LF>. Such line
+endings are commonly allowed with UNIX\-based SMTP servers, but they
+violate the RFC 5321 requirement that lines must end in
<CR><LF>. <.p>
.PP
Specify one of the following values (case does not matter):
SMTP clients that send lines ending in the non\-standard <LF>,
and treat those line endings as if the client sent the standard
<CR><LF>. However, if an SMTP client sends any DATA
-content line ending in the standard <CR><LF>, support
-only the standard End\-of\-DATA form
-<CR><LF>.<CR><LF>, and skip non\-standard
-End\-of\-DATA forms after logging them as:
-.sp
-.in +4
-.nf
-.na
-.ft C
-skipping unexpected <LF>.<LF> in DATA from...
-skipping unexpected <LF>.<CR><LF> in DATA from...
-.fi
-.ad
-.ft R
-.in -4
-This may fail to receive email from legitimate SMTP clients that
-send DATA content with a mix of line endings. Such clients need
-to be excluded with smtpd_forbid_bare_newline_exclusions.
+content line ending in the standard <CR><LF>, require
+the standard End\-of\-DATA form <CR><LF>.<CR><LF>,
+and skip non\-standard End\-of\-DATA forms.
+.br
+This may fail to
+receive email from legitimate SMTP clients that send non\-standard
+line endings such web applications, netcat, fax machines, or load
+balancer health checks. Such clients need to be excluded with
+smtpd_forbid_bare_newline_exclusions.
.br
.IP "\fByes\fR"
Alias for "normalize".
.IP "\fBreject\fR"
When an SMTP client sends a command
or message content line ending in <LF>, log a "bare <LF>
-received" error, and reject the command or message content with
-smtpd_forbid_bare_newline_reject_code. This will fail to receive
-email from legitimate SMTP clients that send command or message
-content with lines ending in <LF>. Such clients need to be
+received" error, reject the command or message content with
+smtpd_forbid_bare_newline_reject_code, and require the standard
+End\-of\-DATA form <CR><LF>.<CR><LF>.
+.br
+This will fail to receive email from legitimate SMTP clients that
+send non\-standard line endings such web applications, netcat, fax
+machines, or load balancer health checks. Such clients need to be
excluded with smtpd_forbid_bare_newline_exclusions.
.br
.IP "\fBno\fR"
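Review bot: postconf.5 is generated from proto/postconf.proto, so the "such web applications" typo and the literal "<.p>" at the end of the introductory paragraph need to be fixed in the proto file and regenerated; edits applied only to this generated file would be lost on the next build.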
.nf
.na
.ft C
-# Allow bare newlines from local and remote SMTP clients. If any
-# DATA content line ends in <CR><LF>, require the standard End\-of\-DATA
-# form <CR><LF>.<CR><LF> and skip plus log non\-standard forms.
-# This may fail to receive email from legitimate clients that send a
-# mix of lines ending in <LF> and <CR><LF>. If such clients exist,
-# they need to be excluded with smtpd_forbid_bare_newline_exclusions.
+# Allow bare newlines from local and remote SMTP clients. If any DATA
+# content line ends in <CR><LF>, require the standard End\-of\-DATA form
+# <CR><LF>.<CR><LF> and skip other End\-of\-DATA forms.
+#
+# This may cause problems for legitimate clients that send
+# non\-standard line endings such as web applications, netcat, fax
+# machines, or load balancer health checks. Such clients need to be
+# excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworks
.nf
.na
.ft C
-# Reject bare newlines from remote SMTP clients, but allow them from
-# local non\-standard clients such as netcat, fax machines, or load
-# balancer health checks.
+# Reject bare newlines from remote SMTP clients. Require the standard
+# End\-of\-DATA form <CR><LF>.<CR><LF>.
+#
+# This will cause problems for legitimate clients that send
+# non\-standard line endings such as web applications, netcat, fax
+# machines, or load balancer health checks. Such clients need to be
+# excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = reject
smtpd_forbid_bare_newline_exclusions = $mynetworks
.PP
Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
.IP "\fBsmtpd_forbid_bare_newline (Postfix >= 3.9: normalize)\fR"
-Disconnect, reject, or normalize commands and email message
-content when a remote SMTP client sends lines ending in <LF>.
+Reject or normalize commands and email message content when a
+remote SMTP client sends lines ending in <LF>.
.IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
Exclude the specified clients from smtpd_forbid_bare_newline
enforcement.
%PARAM smtpd_forbid_bare_newline Postfix ≥ 3.9: normalize
-<p> Disconnect, reject, or normalize commands and email message
-content when a remote SMTP client sends lines ending in <LF>.
-Such line endings are commonly allowed with UNIX-based SMTP servers,
-but they violate the RFC 5321 requirement that lines must end in
+<p> Reject or normalize commands and email message content when a
+remote SMTP client sends lines ending in <LF>. Such line
+endings are commonly allowed with UNIX-based SMTP servers, but they
+violate the RFC 5321 requirement that lines must end in
<CR><LF>. <.p>
<p> Specify one of the following values (case does not matter): </p>
SMTP clients that send lines ending in the non-standard <LF>,
and treat those line endings as if the client sent the standard
<CR><LF>. However, if an SMTP client sends any DATA
-content line ending in the standard <CR><LF>, support
-only the standard End-of-DATA form
-<CR><LF>.<CR><LF>, and skip non-standard
-End-of-DATA forms after logging them as:
-<blockquote>
-<pre>
-skipping unexpected <LF>.<LF> in DATA from...
-skipping unexpected <LF>.<CR><LF> in DATA from...
-</pre>
-</blockquote>
-This may fail to receive email from legitimate SMTP clients that
-send DATA content with a mix of line endings. Such clients need
-to be excluded with smtpd_forbid_bare_newline_exclusions. </dd>
+content line ending in the standard <CR><LF>, require
+the standard End-of-DATA form <CR><LF>.<CR><LF>,
+and skip non-standard End-of-DATA forms. <br> This may fail to
+receive email from legitimate SMTP clients that send non-standard
+line endings such web applications, netcat, fax machines, or load
+balancer health checks. Such clients need to be excluded with
+smtpd_forbid_bare_newline_exclusions. </dd>
<dt> <b>yes</b> </dt> <dd> Alias for "normalize". </dd>
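Review bot: "non-standard line endings such web applications" is missing "as". This is the source of the same typo in the postconf.5.html and postconf.5 hunks above and in the RELEASE_NOTES copy, whereas the example comment blocks ("such as web applications") are correct; fixing it here and regenerating fixes the generated files.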
<dt> <b>reject</b> </dt> <dd> When an SMTP client sends a command
or message content line ending in <LF>, log a "bare <LF>
-received" error, and reject the command or message content with
-smtpd_forbid_bare_newline_reject_code. This will fail to receive
-email from legitimate SMTP clients that send command or message
-content with lines ending in <LF>. Such clients need to be
-excluded with smtpd_forbid_bare_newline_exclusions. </dd>
+received" error, reject the command or message content with
+smtpd_forbid_bare_newline_reject_code, and require the standard
+End-of-DATA form <CR><LF>.<CR><LF>. <br>
+This will fail to receive email from legitimate SMTP clients that
+send non-standard line endings such web applications, netcat, fax
+machines, or load balancer health checks. Such clients need to be
+excluded with smtpd_forbid_bare_newline_exclusions. </dd>
<dt> <b>no</b> </dt> <dd> Treat all lines ending in <LF>
as if the client sent <CR><LF>. This option is fully
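Review bot: same missing "as" in the reject entry ("such web applications").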
<blockquote>
<pre>
-# Allow bare newlines from local and remote SMTP clients. If any
-# DATA content line ends in <CR><LF>, require the standard End-of-DATA
-# form <CR><LF>.<CR><LF> and skip plus log non-standard forms.
-# This may fail to receive email from legitimate clients that send a
-# mix of lines ending in <LF> and <CR><LF>. If such clients exist,
-# they need to be excluded with smtpd_forbid_bare_newline_exclusions.
+# Allow bare newlines from local and remote SMTP clients. If any DATA
+# content line ends in <CR><LF>, require the standard End-of-DATA form
+# <CR><LF>.<CR><LF> and skip other End-of-DATA forms.
+#
+# This may cause problems for legitimate clients that send
+# non-standard line endings such as web applications, netcat, fax
+# machines, or load balancer health checks. Such clients need to be
+# excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = normalize
smtpd_forbid_bare_newline_exclusions = $mynetworks
<blockquote>
<pre>
-# Reject bare newlines from remote SMTP clients, but allow them from
-# local non-standard clients such as netcat, fax machines, or load
-# balancer health checks.
+# Reject bare newlines from remote SMTP clients. Require the standard
+# End-of-DATA form <CR><LF>.<CR><LF>.
+#
+# This will cause problems for legitimate clients that send
+# non-standard line endings such as web applications, netcat, fax
+# machines, or load balancer health checks. Such clients need to be
+# excluded with smtpd_forbid_bare_newline_exclusions.
#
smtpd_forbid_bare_newline = reject
smtpd_forbid_bare_newline_exclusions = $mynetworks
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20240104"
+#define MAIL_RELEASE_DATE "20240106"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
*/
case '\n':
vstring_truncate(vp, VSTRING_LEN(vp) - 1);
- if (smtp_forbid_bare_lf
- && (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r'))
- smtp_seen_bare_lf = smtp_forbid_bare_lf;
- while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
- vstring_truncate(vp, VSTRING_LEN(vp) - 1);
+ if (smtp_forbid_bare_lf) {
+ if (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r')
+ smtp_seen_bare_lf = smtp_forbid_bare_lf;
+ else
+ vstring_truncate(vp, VSTRING_LEN(vp) - 1);
+ } else {
+ while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
+ vstring_truncate(vp, VSTRING_LEN(vp) - 1);
+ }
VSTRING_TERMINATE(vp);
/* FALLTRHOUGH */
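Review bot: the new smtp_forbid_bare_lf branch strips exactly one <CR>, so a line ending in <CR><CR><LF> is accepted as <CR><LF>-terminated with one <CR> left in the content. That is the intent stated in HISTORY, but nothing in the code says so; add a comment above the if explaining that extra <CR> characters are deliberately kept so that a "<CR>." line cannot be mistaken for the End-of-DATA "." line, which smtpd.c recognises only when len == 1. Separately, the unchanged fall-through marker is misspelled "/* FALLTRHOUGH */"; GCC's -Wimplicit-fallthrough recognises the marker comment by spelling ("FALLTHROUGH"), so this one does not suppress the warning.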
/* .PP
/* Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
/* .IP "\fBsmtpd_forbid_bare_newline (Postfix >= 3.9: normalize)\fR"
-/* Disconnect, reject, or normalize commands and email message
-/* content when a remote SMTP client sends lines ending in <LF>.
+/* Reject or normalize commands and email message content when a
+/* remote SMTP client sends lines ending in <LF>.
/* .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
/* Exclude the specified clients from smtpd_forbid_bare_newline
/* enforcement.
int prev_rec_type;
int first = 1;
int prev_seen_bare_lf = 0;
- int expect_crlf_dot = 0;
+ int expect_crlf_dot = IS_BARE_LF_REJECT(smtp_forbid_bare_lf);
/*
* If deadlines are enabled, increase the time budget as message content
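Review bot: initialising expect_crlf_dot from IS_BARE_LF_REJECT(smtp_forbid_bare_lf) makes the End-of-DATA check strict from the first line in reject mode, whereas in normalize mode it becomes strict only once a <CR><LF>-terminated line has been seen, as the postconf text for "normalize" describes. A one-line comment at the declaration stating that asymmetry would help the next reader; as written the initialiser looks like an accident next to the plain 0 and 1 initialisers above it.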
out_record(out_stream, REC_TYPE_NORM, "", 0);
}
if (prev_rec_type != REC_TYPE_CONT && *start == '.') {
- if (len == 1 && prev_seen_bare_lf && expect_crlf_dot) {
- if (IS_BARE_LF_NORMALIZE(prev_seen_bare_lf))
- msg_info("%s: skipping unexpected <LF>.%s in DATA from %s",
- state->queue_id ? state->queue_id : "NOQUEUE",
- smtp_seen_bare_lf ? "<LF>" : "<CR><LF>",
- state->namaddr);
+ if (len == 1 && expect_crlf_dot
+ && (smtp_seen_bare_lf || prev_seen_bare_lf))
continue;
- }
if (proxy == 0 ? (++start, --len) == 0 : len == 1)
break;
}
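Review bot: this is more than the "don't spam the log" cleanup described in the 20240105 HISTORY entry. The old guard skipped the "." line only when the previous line ended in a bare <LF> (prev_seen_bare_lf); the new one also fires when the "." line itself ended in a bare <LF> (smtp_seen_bare_lf), so <CR><LF>.<LF> is now skipped as well. That is a behaviour change and HISTORY and RELEASE_NOTES should name it. With the msg_info() gone a skipped "." line leaves no trace; if silent is intended, a short comment next to the continue saying so would stop someone re-adding the log line.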