PMG | SMTP-Smuggling

[Xela]

Has the vulnerability SMTP-Smuggling (CVE-2023-51764) already been mitigated in the current PMG standard setup?

https://media.ccc.de/v/37c3-11782-smtp_smuggling_spoofing_e-mails_worldwide#t=1836

https://www.postfix.org/smtp-smuggling.html

 

[fabian]

see https://forum.proxmox.com/threads/smtp-smuggling-mitigation.138576/

 

[Xela]

Thanks for the info.

Is there anything special to consider with the following version?

Mail Gateway 7.3-8 (subscription)
mail_version = 3.5.18
OpenSSL 1.1.1w 11 Sep 2023

 

[fabian]

the linked thread contains all the relevant information in the first post, including how to check for the fix being active.