diff options
author | Sam Chudnick <sam@chudnick.com> | 2023-07-02 19:04:30 -0400 |
---|---|---|
committer | Sam Chudnick <sam@chudnick.com> | 2023-07-02 19:04:30 -0400 |
commit | 724d877995dfcc10c462a18dcb4ea6c8b60c2d03 (patch) | |
tree | 270537b8fca585717c1ffa7708e492593f7b2ed5 /roles/postfix/files/header_checks |
initial commit
Diffstat (limited to 'roles/postfix/files/header_checks')
-rw-r--r-- | roles/postfix/files/header_checks | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/roles/postfix/files/header_checks b/roles/postfix/files/header_checks new file mode 100644 index 0000000..f655904 --- /dev/null +++ b/roles/postfix/files/header_checks | |||
@@ -0,0 +1,11 @@ | |||
1 | #Block attachments with executable extensions | ||
2 | /name=[^>]*\.(exe|pif|com|dll|vbs|bat|sh|bash|so|zip|tar|gz|cpio)/ REJECT | ||
3 | # Block message/partial vulnerability | ||
4 | /message\/partial/ REJECT | ||
5 | # CVE-2022-1328 mitigation - block messages with uuencode | ||
6 | /^Content-Transfer-Encoding:.*uuencode.*/ REJECT | ||
7 | # Remove Received string that is created when spamassassin reinjects message into postfix | ||
8 | # This is to prevent leaking the userid of the spamassassin user | ||
9 | /^Received:.*userid.*/ IGNORE | ||
10 | # Remove User-Agent strings from headers | ||
11 | /^User-Agent: .*/ IGNORE | ||