Official News and A...
Clear all

Official News and Announcements

News and Announcements from Zextras regarding Carbonio and Carbonio CE


[SMTP Smuggling]

This issue is a spoofing attack concerning Postfix and was discovered recently. Their developers are working to provide a fix for the issue, but you can prevent your Carbonio to be affected by following these steps.


Before actually carrying out the steps, read the article to check background information and mitigation:

In Carbonio, a modified version of Postfix 3.8.3 is used, so you do need to change only one of the two variables, smtpd_discard_ehlo_keywords.

  1. Login to your Carbonio as the root user

  2. Go to directory /opt/zextras/common/conf

    # cd /opt/zextras/common/conf


  3. Open file and search for variable smtpd_discard_ehlo_keywords=

    there should be no value provided (i.e., there’s nothing after the =, so add the word chunking. The resulting line must read:

    smtpd_discard_ehlo_keywords = chunking


  4. Save the file and run, as the zextras user, the command

    # su - zextras -c "zmmtactl reload"
Topic Title