Known Issues

Contents

Known Issues#

This section contains a section that lists known issues, if present in the current release, and their resolution or mitigation. We will advise promptly when the issues listed here have a definite solution.

SMTP Smuggling#

Fixed in version 24.1.0

Apply these changes if you are running Carbonio CE version 23.12.0 or older!

This issue is a spoofing attack concerning Postfix and was discovered recently. Their developers are working to provide a fix for the issue, but you can prevent your Carbonio CE to be affected by following these steps.

Hint

Before actually carrying out the steps, read the article to check background information and mitigation: https://www.postfix.org/smtp-smuggling.html

In Carbonio CE, a modified version of Postfix is used, so you do need to change only one of the two variables, smtpd_discard_ehlo_keywords.

  1. Login to your Carbonio CE as the root user

  2. Go to directory /opt/zextras/common/conf

    # cd /opt/zextras/common/conf
    
  3. Open file main.cf and search for variable smtpd_discard_ehlo_keywords=

    there should be no value provided (i.e., there’s nothing after the =, so add the word chunking. The resulting line must read:

    smtpd_discard_ehlo_keywords = chunking
    
  4. Save the file and run, as the zextras user, the command

    # su - zextras -c "zmmtactl reload"