summaryrefslogtreecommitdiffstats
path: root/roles/MSA
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2024-09-08 02:21:26 +0200
committerGuilhem Moulin <guilhem@fripost.org>2024-09-08 02:24:27 +0200
commiteeef279d8f4d3b7ddff5eae47e609c4e138140ce (patch)
treea49458c345f1b28c5058f06b28d1731eb517453e /roles/MSA
parent4977d7c1d80ac0caf94914fbf9be8471d056c906 (diff)
MSA: Set smtpd_forbid_bare_newline to defeat SMTP smuggling attacks.
Diffstat (limited to 'roles/MSA')
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j23
1 files changed, 3 insertions, 0 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index bc98d9e..6a544ac 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -121,4 +121,7 @@ smtpd_relay_restrictions =
smtpd_data_restrictions =
reject_unauth_pipelining
+smtpd_forbid_bare_newline = normalize
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+
# vim: set filetype=pfmain :