Zextras Forum
Articles
- Subforums:
- Tech Articles
- Blog Articles
Official News and Announcements
News and Announcements from Zextras regarding Carbonio and Carbonio CE
[SMTP Smuggling]
This issue is a spoofing attack concerning Postfix and was discovered recently. Their developers are working to provide a fix for the issue, but you can prevent your Carbonio to be affected by following these steps.
Hint
Before actually carrying out the steps, read the article to check background information and mitigation: https://www.postfix.org/smtp-smuggling.html
In Carbonio, a modified version of Postfix 3.8.3 is used, so you do need to change only one of the two variables, smtpd_discard_ehlo_keywords
.
Login to your Carbonio as the
root
userGo to directory
/opt/zextras/common/conf
# cd /opt/zextras/common/conf
Open file
main.cf
and search for variablesmtpd_discard_ehlo_keywords=
there should be no value provided (i.e., there’s nothing after the
=
, so add the word chunking. The resulting line must read:smtpd_discard_ehlo_keywords = chunking
Save the file and run, as the
zextras
user, the command# su - zextras -c "zmmtactl reload"
Carbonio CE - Feedback Survey
Install & Setup
Core Features (storage, backup, admin, external client sync)
Collaboration features (Drive, Docs, Team and Mobile Apps)
Zimbra Build by Zextras - no Zextras support guaranteed
- 29 Forums
- 2,389 Topics
- 5,922 Posts
- 8 Online
- 22.8 K Members