Plesk for Linux ships Postfix 3.5.x (Redhat <= 8 and Ubuntu 18), the vulnerability fix is expected soon, the team is working on the fix. Other Plesk for Linux installations use system package.
All clients using Plesk for Linux can apply short-term the workaround from the article https://www.postfix.org/smtp-smuggling.html#:~:text=Short%2Dterm%20workarounds ( https://www.postfix.org/smtp-smuggling.html#:~:text=Short%2Dterm%20workarounds ).
It impacts some Postfix clients and addresses the issue only partially (covers only misuse of SMTP command pipelining). Long-term fix is advised. See https://www.postfix.org/smtp-smuggling.html#:~:text=across%20the%20Internet.-,Long%2Dterm%20fix,-A%20long%2Dterm. ( https://www.postfix.org/smtp-smuggling.html#:~:text=across%20the%20Internet.-,Long%2Dterm%20fix,-A%20long%2Dterm )
- For Redhat <= and Ubuntu 18 the fix will be delivered with the Plesk update. After the update users also need to change the configuration, see the [ https://www.postfix.org/smtp-smuggling.html#:~:text=across%20the%20Internet.-,Long%2Dterm%20fix,-A%20long%2Dterm] advisory ( https://www.postfix.org/smtp-smuggling.html#:~:text=across%20the%20Internet.-,Long%2Dterm%20fix,-A%20long%2Dterm]advisory ) from Postfix.
- For other Linux OSes users should consider applying the corresponding patches from OS vendors and applying the corresponding configuration change, see the [ https:// ( http://see/ ) www.postfix.org/smtp-smuggling.html#:~:text=across%20the%20Internet.-,Long%2Dterm%20fix,-A%20long%2Dterm] advisory ( https://webpros.slack.com//www.postfix.org/smtp-smuggling.html#:~:text=across%20the%20Internet.-,Long%2Dterm%20fix,-A%20long%2Dterm]advisory ) from Postfix.
— PD
Jan Bludau
shared this idea
