Merge remote-tracking branch 'upstream/main' into merge-upstream

downtownallday · Mar 23, 2024 · 6ade958 · 6ade958
2 parents 7e03b65 + 14d0e20
commit 6ade958
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,31 @@
 CHANGELOG
 =========
 
+In Development
+--------------
+
+Package updates:
+
+* Roundcube updated to version 1.6.6.
+* Nextcloud is updated to version 22.0.12.
+
+Mail:
+
+* Updated postfix's configuration to guard against SMTP smuggling to the long-term fix (https://www.postfix.org/smtp-smuggling.html).
+
+Control Panel:
+
+* Improved reporting of Spamhaus response codes.
+* Improved detection of SSH port.
+* Fixed an error if last saved status check results were corrupted.
+* Other minor fixes.
+
+Other:
+
+* fail2ban is updated to see "HTTP/2.0" requests to munin also.
+* Internal improvements to the code to make it more reliable and readable.
+
+
 Version 67 (December 22, 2023)
 ------------------------------
 

diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
@@ -81,10 +81,16 @@ tools/editconf.py /etc/postfix/main.cf \
 	policy-spf_time_limit=3600
 
 # Guard against SMTP smuggling
-# This short-term workaround is recommended at https://www.postfix.org/smtp-smuggling.html
+# This "long-term" fix is recommended at https://www.postfix.org/smtp-smuggling.html.
+# This beecame supported in a backported fix in package version 3.6.4-1ubuntu1.3. It is
+# unnecessary in Postfix 3.9+ where this is the default. The "short-term" workarounds
+# that we previously had are reverted to postfix defaults (though smtpd_discard_ehlo_keywords
+# was never included in a released version of Mail-in-a-Box).
+tools/editconf.py /etc/postfix/main.cf -e \
+       smtpd_data_restrictions= \
+       smtpd_discard_ehlo_keywords=
 tools/editconf.py /etc/postfix/main.cf \
-	smtpd_data_restrictions=reject_unauth_pipelining \
-	smtpd_discard_ehlo_keywords="chunking, silent-discard"
+       smtpd_forbid_bare_newline=normalize
 
 # ### Outgoing Mail
 

diff --git a/tools/editconf.py b/tools/editconf.py
@@ -39,7 +39,7 @@
 
 # sanity check
 if len(sys.argv) < 3:
-	print("usage: python3 editconf.py /etc/file.conf [-s] [-w] [-c <CHARACTER>] [-t] NAME=VAL [NAME=VAL ...]")
+	print("usage: python3 editconf.py /etc/file.conf [-e] [-s] [-w] [-c <CHARACTER>] [-t] NAME=VAL [NAME=VAL ...]")
 	sys.exit(1)
 
 # parse command line arguments