Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports . but some other popular e-mail servers do not. To prevent attack variants (by always disallowing without ), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Postfix | Postfix | * | 3.5.23 (excluding) |
| Postfix | Postfix | 3.6.0 (including) | 3.6.13 (excluding) |
| Postfix | Postfix | 3.7.0 (including) | 3.7.9 (excluding) |
| Postfix | Postfix | 3.8.0 (including) | 3.8.4 (excluding) |
| Red Hat Enterprise Linux 9 | RedHat | postfix-2:3.5.25-1.el9 | * |
| Postfix | Ubuntu | bionic | * |
| Postfix | Ubuntu | esm-infra/bionic | * |
| Postfix | Ubuntu | esm-infra/xenial | * |
| Postfix | Ubuntu | focal | * |
| Postfix | Ubuntu | jammy | * |
| Postfix | Ubuntu | lunar | * |
| Postfix | Ubuntu | mantic | * |
| Postfix | Ubuntu | trusty | * |
| Postfix | Ubuntu | trusty/esm | * |
| Postfix | Ubuntu | upstream | * |
| Postfix | Ubuntu | xenial | * |