Zimbra's default postfix config already has this enabled to reject unauthorised SMTP command pipelining. but it is still prudent to disable "chunking".
https://github.com/Zimbra/zm-postfix/bl ... in.cf#L670
To reject BDAT commands (BDAT is part of the CHUNKING extension; it allows command pipelining that isn't allowed with the DATA command)
The following command can be appended in /opt/zimbra/common/conf/main.cf
smtpd_discard_ehlo_keywords = chunking
With all Postfix versions,
smtpd_data_restrictions = reject_unauth_pipelining and smtpd_discard_ehlo_keywords = chunking will stop many forms of the published attack.
https://github.com/Zimbra/zm-postfix/bl ... in.cf#L670
To reject BDAT commands (BDAT is part of the CHUNKING extension; it allows command pipelining that isn't allowed with the DATA command)
The following command can be appended in /opt/zimbra/common/conf/main.cf
smtpd_discard_ehlo_keywords = chunking
With all Postfix versions,
smtpd_data_restrictions = reject_unauth_pipelining and smtpd_discard_ehlo_keywords = chunking will stop many forms of the published attack.
Statistics: Posted by ashish.kataria — Wed Dec 27, 2023 7:36 pm