From e7995ada3fdcbfbb9a0242e6020a0452a06354ef Mon Sep 17 00:00:00 2001
From: Antoine Nguyen <tonio@ngyn.org>
Date: Fri, 22 Dec 2023 16:50:26 +0100
Subject: [PATCH] Quickfix against SMTP smuggling

https://www.postfix.org/smtp-smuggling.html
---
 modoboa_installer/scripts/files/postfix/main.cf.tpl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modoboa_installer/scripts/files/postfix/main.cf.tpl b/modoboa_installer/scripts/files/postfix/main.cf.tpl
index 11fc84f..a8bdc7f 100644
--- a/modoboa_installer/scripts/files/postfix/main.cf.tpl
+++ b/modoboa_installer/scripts/files/postfix/main.cf.tpl
@@ -57,6 +57,11 @@ smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
 # Enable elliptic curve cryptography
 smtpd_tls_eecdh_grade = strong
 
+# SMTP Smuggling prevention
+# See https://www.postfix.org/smtp-smuggling.html
+smtpd_data_restrictions = reject_unauth_pipelining
+smtpd_forbid_unauth_pipelining = yes
+
 # Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
 smtp_tls_CApath = /etc/ssl/certs
 smtp_tls_security_level = may