1 files changed, 11 insertions, 0 deletions
diff --git a/roles/postfix/files/header_checks b/roles/postfix/files/header_checks
new file mode 100644
index 0000000..f655904
--- /dev/null
+++ b/roles/postfix/files/header_checks
@@ -0,0 +1,11 @@
+#Block attachments with executable extensions
+/name=[^>]*\.(exe|pif|com|dll|vbs|bat|sh|bash|so|zip|tar|gz|cpio)/ REJECT
+# Block message/partial vulnerability
+/message\/partial/ REJECT
+# CVE-2022-1328 mitigation - block messages with uuencode
+/^Content-Transfer-Encoding:.*uuencode.*/       REJECT
+# Remove Received string that is created when spamassassin reinjects message into postfix
+# This is to prevent leaking the userid of the spamassassin user
+/^Received:.*userid.*/  IGNORE
+# Remove User-Agent strings from headers
+/^User-Agent: .*/       IGNORE

diff --git a/roles/postfix/files/header_checks b/roles/postfix/files/header_checks new file mode 100644 index 0000000..f655904 --- /dev/null +++ b/roles/postfix/files/header_checks
@@ -0,0 +1,11 @@
	1	#Block attachments with executable extensions
	2	/name=[^>]*\.(exe\|pif\|com\|dll\|vbs\|bat\|sh\|bash\|so\|zip\|tar\|gz\|cpio)/ REJECT
	3	# Block message/partial vulnerability
	4	/message\/partial/ REJECT
	5	# CVE-2022-1328 mitigation - block messages with uuencode
	6	/^Content-Transfer-Encoding:.uuencode./ REJECT
	7	# Remove Received string that is created when spamassassin reinjects message into postfix
	8	# This is to prevent leaking the userid of the spamassassin user
	9	/^Received:.userid./ IGNORE
	10	# Remove User-Agent strings from headers
	11	/^User-Agent: .*/ IGNORE