This is a new attack and AFAIK Carbonio is vulnerable to it.
To know more about SMTP Smuggling, take a look at this article: SMTP Smuggling - Spoofing E-Mails Worldwide
To fix it immediately, follow the steps suggested by Zimbra in Barry's article: Zimbra and SMTP Smuggling attack on Postfix
For the lazy ones:
echo smtpd_discard_ehlo_keywords=chunking >> /opt/zextras/common/conf/main.cf
echo smtpd_discard_ehlo_keywords=chunking >> /opt/zextras/common/conf/main.cf.default
echo smtpd_discard_ehlo_keywords=chunking >> /opt/zextras/common/conf/main.cf.proto
su - zextras -c "zmmtactl restart"
Regards
And now it's also in Carbonio's official docs:
https://docs.zextras.com/carbonio/html/release/issues.html
Well done guys!
That article is NOT correct. The "main.cf" is generated anew every day after rotating logs as a consequence of a zmconfigd restart. You can simulate this behavior by running "/opt/zextras/libexec/configrewrite mta" as user 'zextras'. The same command is called by "zmmtactl". So if you check your 'main.cf' after issuing 'zmmtactl restart' your modification is gone.
To make it permanent, you have to edit the file /opt/zextras/conf/zmconfig.cf, search for "SECTION mta DEPENDS amavis", and anywhere in that section but before "RESTART mta" add:
POSTCONF smtpd_discard_ehlo_keywords chunking
Then do the 'zmmtactl restart' and the new line will appear in 'main.cf' and will survive the logrotate too 🙂
Regarding main.cf.proto and main.cf.default, AFAIK they are not used, but are part of the Postfix build.
Well... I went to take a look at my main.cf and figured "smtpd_discard_ehlo_keywords=chunking" has still been there for many days now... and I was wondering why mine was there?
Then I ran "/opt/zextras/libexec/configrewrite mta" and "zmconfigdctl restart" and it's still there... and I didn't change /opt/zextras/conf/zmconfig.cf at all.
So I remembered that I didn't change only main.cf, but also main.cf.default and main.cf.proto as suggested by Barry's article in Zimbra's blog.
I suggest you all do it this way:
echo smtpd_discard_ehlo_keywords=chunking >> /opt/zextras/common/conf/main.cf
echo smtpd_discard_ehlo_keywords=chunking >> /opt/zextras/common/conf/main.cf.default
echo smtpd_discard_ehlo_keywords=chunking >> /opt/zextras/common/conf/main.cf.proto
su - zextras -c "zmmtactl restart"
OFC fixing /opt/zextras/conf/zmconfig.cf will work, but it probably won't survive the next upgrade, because that file is usually overwritten.
In time: Happy New Year!
Telegram: https://t.me/CarbonioMail
The way I described is how it was running with Zimbra and it works the same way with Carbonio, at least with my installation.
In my Carbonio "main.cf" is regenerated every night via logrotate, because zmconfigd is restarted. Can you check if you have /etc/logrotate.d/carbonio and if zmconfigd is running? And of course if logrotate is triggered by cron.
I installed it on RHEL, maybe on Ubuntu there is no logrotate and everything goes via journalctl. Or maybe Carbonio is planning to drop zmconfigd.
In any case it is interesting to see why we have this difference.
@cvidal it must be a Linux Distribution difference in the way they deal with it... I'm using Ubuntu 20.04 and yes it's all running and rotating as expected.
Thank you for your feedback!
What happens if you do "/opt/zextras/libexec/configrewrite mta" as user 'zextras'? Maybe main.cf is not writable by zextras, or zmconfigd is not running.
From your description it seems that your "main.cf" is never re-written, but it should. For instance, if you modify "My Networks" in the admin console (MTA -> Outbound flow -> My network), it should trigger a "main.cf" update ...
I will open a Carbonio ticket to have more info about this issue.
And yes, happy New Year! 🙂
Yep, no matter what, nothing removes "smtpd_discard_ehlo_keywords=chunking" from main.cf... let me tell you what I did:
1 - I checked and yes, zmconfigd is up and running all times;
2 - Changing mynetworks from the Admin UI didn't work at all (MTA -> Outbound flow -> My network), not even after doing a manual "zmcontrol restart". The funny thing is that the field in the Admin UI has the new IP I put there, but no matter what, main.cf doesn't.
3 - I ran "/opt/zextras/libexec/configrewrite mta" as zextras user and as root, just to be sure... nothing changed;
4 - I finally rebooted the server... and it's the same.
I'm using Carbonio CE 23.12.0 on Ubuntu 20.04 btw
Interesting right?
One more piece of information... I used the commands below to force a mynetworks change:
zmprov ms hostname zimbraMtaMyNetworks '127.0.0.0/8 192.168.10.0/24 192.168.20.0/24'
zmmtactl restart
And it worked... mynetworks in main.cf changed as expected.... but "smtpd_discard_ehlo_keywords=chunking" is still there 🤣
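The thread leaves open which file actually carries the setting on a given install. As an added example (not from any poster or from Carbonio), this shell script reports whether the effective `smtpd_discard_ehlo_keywords` in a `main.cf` includes `chunking`, and whether a `zmconfig.cf` has the `POSTCONF` line inside the mta section before `RESTART mta`. The function names and sample files are constructed, and the `zmconfig.cf` parsing assumes the layout described in the thread.

```shell
#!/bin/sh
# Added example; parsing assumes the file layouts described in the thread.

# Effective value of a main.cf parameter: Postfix keeps the last definition.
# Comment and continuation lines (leading whitespace) are skipped, not joined.
effective_value() {  # $1 = main.cf path, $2 = parameter name
    awk -v p="$2" '
        /^[ \t#]/ { next }
        (eq = index($0, "=")) {
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == p) { val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        }
        END { print val }' "$1"
}

# True if the effective keyword list contains "chunking" (list is case-insensitive).
discards_chunking() {  # $1 = main.cf path
    v=$(effective_value "$1" smtpd_discard_ehlo_keywords | tr 'A-Z,\t' 'a-z  ')
    case " $v " in *" chunking "*) return 0 ;; *) return 1 ;; esac
}

# True if the POSTCONF rule sits in "SECTION mta ..." before "RESTART mta".
persistent_in_zmconfig() {  # $1 = zmconfig.cf path
    awk '
        $1 == "SECTION" { in_mta = ($2 == "mta"); next }
        in_mta && $1 == "RESTART" && $2 == "mta" { in_mta = 0 }
        in_mta && $1 == "POSTCONF" && $2 == "smtpd_discard_ehlo_keywords" &&
            tolower($3) == "chunking" { found = 1 }
        END { exit !found }' "$1"
}

audit() {  # $1 = main.cf path, $2 = zmconfig.cf path
    if discards_chunking "$1"; then m=set; else m=missing; fi
    if persistent_in_zmconfig "$2"; then z=set; else z=missing; fi
    echo "main.cf=$m zmconfig.cf=$z"
}

# Constructed sample files (not copied from a real server): the state after
# only the echo commands were applied and zmconfig.cf was left untouched.
demo=$(mktemp -d)
printf '%s\n' 'mynetworks = 127.0.0.0/8' \
    'smtpd_discard_ehlo_keywords=chunking' > "$demo/main.cf"
printf '%s\n' 'SECTION mta DEPENDS amavis' '	RESTART mta' > "$demo/zmconfig.cf"

audit "$demo/main.cf" "$demo/zmconfig.cf"
```

On a server, point `audit` at `/opt/zextras/common/conf/main.cf` and `/opt/zextras/conf/zmconfig.cf`, and run it again after `/opt/zextras/libexec/configrewrite mta` to see whether the `main.cf` result changes.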