diff --git a/CHANGELOG.md b/CHANGELOG.md
index 97642a01..c855c214 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
+Version 67 (December 22, 2023)
+------------------------------
+
+* Guard against a newly published vulnerability called SMTP Smuggling. See https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/.
+
 Version 66 (December 17, 2023)
 ------------------------------
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index 38e20572..3b94e547 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -51,7 +51,7 @@ if [ -z "$TAG" ]; then
 if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]; then
 # This machine is running Ubuntu 22.04, which is supported by
 # Mail-in-a-Box versions 60 and later.
- TAG=v66
+ TAG=v67
 elif [ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]; then
 # This machine is running Ubuntu 18.04, which is supported by
 # Mail-in-a-Box versions 0.40 through 5x.
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 25e6aad8..21c0d49a 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -80,6 +80,11 @@ tools/editconf.py /etc/postfix/main.cf \
 bounce_queue_lifetime=1d \
 policy-spf_time_limit=3600
+# Guard against SMTP smuggling
+# This short-term workaround is recommended at https://www.postfix.org/smtp-smuggling.html
+tools/editconf.py /etc/postfix/main.cf \
+ smtpd_data_restrictions=reject_unauth_pipelining
+
 # ### Outgoing Mail
 # Enable the 'submission' ports 465 and 587 and tweak their settings.
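Review bot: The guard added in setup/mail-postfix.sh may be incomplete, because `smtpd_data_restrictions=reject_unauth_pipelining` is evaluated at the DATA command only. As far as I recall, the Postfix page cited in the comment pairs it with `smtpd_discard_ehlo_keywords=chunking`, since BDAT transfers are not subject to data restrictions; please confirm against that page and, if so, add the setting to the same `tools/editconf.py` call. The comment should also say that this is a mitigation rather than a full fix and record the follow-up, e.g. `# TODO: switch to smtpd_forbid_bare_newline once the packaged Postfix supports it`. The assignment also replaces the whole `smtpd_data_restrictions` value, so check that nothing else in setup (not visible in this hunk) sets that parameter, otherwise one of the two values is silently lost.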