From bc863b4bbc131a8046a81314178ab8ac6ce5f7a7 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 28 Dec 2023 08:51:50 +0100
Subject: [PATCH] Long term fix against SMTP smuggling

---
 core/postfix/conf/main.cf           | 3 +--
 towncrier/newsfragments/3101.bugfix | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf
index 9f3a7878..e1d9134d 100644
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@@ -25,8 +25,7 @@ podop = socketmap:unix:/tmp/podop.socket:
 
 postscreen_upstream_proxy_protocol = haproxy
 compatibility_level=3.6
-# see https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html
-smtpd_forbid_unauth_pipelining=yes
+smtpd_forbid_bare_newline=yes
 
 # Only accept virtual emails
 mydestination =
diff --git a/towncrier/newsfragments/3101.bugfix b/towncrier/newsfragments/3101.bugfix
index bc71bba6..84f82af2 100644
--- a/towncrier/newsfragments/3101.bugfix
+++ b/towncrier/newsfragments/3101.bugfix
@@ -1 +1 @@
-Prevent SMTP smuggling; see https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html
+Long term fix agaist SMTP smuggling (disable bare_newline)