From eeef279d8f4d3b7ddff5eae47e609c4e138140ce Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 8 Sep 2024 02:21:26 +0200
Subject: MSA: Set smtpd_forbid_bare_newline to defeat SMTP smuggling attacks.

---
 roles/MSA/templates/etc/postfix/main.cf.j2 | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'roles/MSA/templates/etc')

diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index bc98d9e..6a544ac 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -121,4 +121,7 @@ smtpd_relay_restrictions =
 smtpd_data_restrictions =
     reject_unauth_pipelining
 
+smtpd_forbid_bare_newline = normalize
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+
 # vim: set filetype=pfmain :
-- 
cgit v1.2.3