authorSam Chudnick <sam@chudnick.com>2023-07-02 19:04:30 -0400
committerSam Chudnick <sam@chudnick.com>2023-07-02 19:04:30 -0400
commit724d877995dfcc10c462a18dcb4ea6c8b60c2d03 (patch)
tree270537b8fca585717c1ffa7708e492593f7b2ed5 /roles/postfix/files
initial commit
Diffstat (limited to 'roles/postfix/files')
-rw-r--r--roles/postfix/files/body_checks2
-rw-r--r--roles/postfix/files/header_checks11
2 files changed, 13 insertions, 0 deletions
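diff --git a/roles/postfix/files/body_checks b/roles/postfix/files/body_checks
new file mode 100644
index 0000000..795c922
--- /dev/null
+++ b/roles/postfix/files/body_checks
@@ -0,0 +1,2 @@
+#Block iframe vulnerability
+/<iframe/ REJECT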
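Review bot: The `/<iframe/` rule on line 2 matches only the literal text in undecoded body lines, because Postfix applies body_checks to the raw message one line at a time and, per header_checks(5), encoded parts have to be matched in their encoded form. It will also reject plain-text mail that merely mentions the tag. The comment on line 1 should state that scope instead of "Block iframe vulnerability", for example `# Coarse filter: rejects the literal text "<iframe" in undecoded body lines only`. Adding reject text, as in `/<iframe/ REJECT HTML iframe content is not accepted`, gives the sender of a legitimate message a reason in the bounce.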
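diff --git a/roles/postfix/files/header_checks b/roles/postfix/files/header_checks
new file mode 100644
index 0000000..f655904
--- /dev/null
+++ b/roles/postfix/files/header_checks
@@ -0,0 +1,11 @@
+#Block attachments with executable extensions
+/name=[^>]*\.(exe|pif|com|dll|vbs|bat|sh|bash|so|zip|tar|gz|cpio)/ REJECT
+# Block message/partial vulnerability
+/message\/partial/ REJECT
+# CVE-2022-1328 mitigation - block messages with uuencode
+/^Content-Transfer-Encoding:.*uuencode.*/ REJECT
+# Remove Received string that is created when spamassassin reinjects message into postfix
+# This is to prevent leaking the userid of the spamassassin user
+/^Received:.*userid.*/ IGNORE
+# Remove User-Agent strings from headers
+/^User-Agent: .*/ IGNORE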
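Review bot: The attachment rule on line 2 is anchored neither to a header name nor to the end of the filename, so it rejects any header in which `name=` is later followed by `.com`, `.sh` or `.so`, for example a filename such as `notes.community.pdf` or a parameter value that contains a domain name. Anchoring it to the MIME headers and to the end of the value keeps the intent and removes most false positives: `/^Content-(Disposition|Type):.*name[[:space:]]*=[[:space:]]*"?[^";]*\.(exe|pif|com|dll|vbs|bat|sh|bash|so|zip|tar|gz|cpio)"?[[:space:]]*(;|$)/ REJECT Attachment type not allowed`. The comment on line 1 should also say that archives (zip, tar, gz, cpio) are blocked, not only executables. The same anchoring point applies to `/message\/partial/` on line 4, which matches that string in any header including Subject; `/^Content-Type:.*message\/partial/ REJECT` is narrower.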