From faf23f150c5fa85c8e9af1e345d796d2c36a4577 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Fri, 22 Dec 2023 08:53:48 -0500
Subject: [PATCH] Guard against SMTP smuggling

This short-term workaround is recommended at https://www.postfix.org/smtp-smuggling.html:

    smtpd_data_restrictions=reject_unauth_pipelining
---
 setup/mail-postfix.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 5787e8c9..de5dee0e 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -69,6 +69,11 @@ tools/editconf.py /etc/postfix/main.cf \
 	maximal_queue_lifetime=2d \
 	bounce_queue_lifetime=1d
 
+# Guard against SMTP smuggling
+# This short-term workaround is recommended at https://www.postfix.org/smtp-smuggling.html
+tools/editconf.py /etc/postfix/main.cf \
+	smtpd_data_restrictions=reject_unauth_pipelining
+
 # ### Outgoing Mail
 
 # Enable the 'submission' ports 465 and 587 and tweak their settings.