From bcfba987e41db1a34d9900b777f16677357f82bb Mon Sep 17 00:00:00 2001
From: aartoni
Date: Fri, 29 Dec 2023 16:39:06 +0100
Subject: [PATCH 1/2] Short-term workaround to prevent SMTP smuggling
---
 emailwiz.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/emailwiz.sh b/emailwiz.sh
index ce8e1f5..c7d952f 100644
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -308,6 +308,10 @@ postconf -e 'smtpd_milters = inet:localhost:12301'
 postconf -e 'non_smtpd_milters = inet:localhost:12301'
 postconf -e 'mailbox_command = /usr/lib/dovecot/deliver'
 
+# Short-term workaround to prevent SMTP smuggling
+postconf -e 'smtpd_forbid_unauth_pipelining = yes'
+postconf -e 'smtpd_discard_ehlo_keywords = chunking'
+
 # A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442
 /lib/opendkim/opendkim.service.generate
 systemctl daemon-reload
From 1d3d7e7ba954b702aff79886d4286d0130723ab0 Mon Sep 17 00:00:00 2001
From: aartoni
Date: Sat, 10 Feb 2024 14:55:54 +0100
Subject: [PATCH 2/2] Long term fix to prevent SMTP smuggling
---
 emailwiz.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/emailwiz.sh b/emailwiz.sh
index c7d952f..ee5440c 100644
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -308,9 +308,9 @@ postconf -e 'smtpd_milters = inet:localhost:12301'
 postconf -e 'non_smtpd_milters = inet:localhost:12301'
 postconf -e 'mailbox_command = /usr/lib/dovecot/deliver'
 
-# Short-term workaround to prevent SMTP smuggling
-postconf -e 'smtpd_forbid_unauth_pipelining = yes'
-postconf -e 'smtpd_discard_ehlo_keywords = chunking'
+# Long-term fix to prevent SMTP smuggling
+postconf -e 'smtpd_forbid_bare_newline = normalize'
+postconf -e 'smtpd_forbid_bare_newline_exclusions = $mynetworks'
 
 # A fix for "Opendkim won't start: can't open PID file?", as specified here: https://serverfault.com/a/847442
 /lib/opendkim/opendkim.service.generate
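Review bot: The two added `postconf -e` lines never check that the installed Postfix knows these parameters. As far as I know `postconf -e` writes any name into main.cf without validating it, so on a distribution package that predates the smuggling fixes the script finishes cleanly while the server stays exposed. The same applies to the `smtpd_forbid_bare_newline` lines in the second patch. A guard before the block would surface this, something like `[ -n "$(postconf -d smtpd_forbid_unauth_pipelining 2>/dev/null)" ] || echo 'Postfix too old for the SMTP smuggling settings' >&2` (confirm how `postconf -d` reports an unknown name on the target releases). The comment should also state the side effect, for example `# Workaround: refuse unauthorized pipelining and stop advertising CHUNKING (BDAT) to all clients`.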
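Review bot: Removing the two workaround lines from the script does not remove them from main.cf on a host that already ran the first version. There `smtpd_discard_ehlo_keywords = chunking` stays in effect and BDAT remains disabled, although the comment now says the long-term fix is in place. If that is unintended, `postconf -X smtpd_discard_ehlo_keywords` ahead of the new lines would clear it, provided nothing else in the script sets that parameter, which the hunk does not show. The `$mynetworks` exclusion also exempts every client in that range from bare-newline handling, so the comment should say so, for example `# Normalize bare <LF> from untrusted clients; hosts in $mynetworks are exempt, keep that range narrow`.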