Official News and Announcements
News and Announcements from Zextras regarding Carbonio and Carbonio CE
[SMTP Smuggling]
This issue is a spoofing attack concerning Postfix and was discovered recently. Their developers are working to provide a fix for the issue, but you can prevent your Carbonio to be affected by following these steps.
In Carbonio, a modified version of Postfix 3.8.3 is used, so you do need to change only one of the two variables, smtpd_discard_ehlo_keywords
.
Login to your Carbonio as the
root
userGo to directory
/opt/zextras/common/conf
# cd /opt/zextras/common/conf
Open file
main.cf
and search for variablesmtpd_discard_ehlo_keywords=
there should be no value provided (i.e., there’s nothing after the
=
, so add the word chunking. The resulting line must read:smtpd_discard_ehlo_keywords = chunking
Save the file and run, as the
zextras
user, the command# su - zextras -c "zmmtactl reload"