diff options
Diffstat (limited to 'roles/postfix/files')
-rw-r--r-- | roles/postfix/files/body_checks | 2 | ||||
-rw-r--r-- | roles/postfix/files/header_checks | 11 |
2 files changed, 13 insertions, 0 deletions
diff --git a/roles/postfix/files/body_checks b/roles/postfix/files/body_checks new file mode 100644 index 0000000..795c922 --- /dev/null +++ b/roles/postfix/files/body_checks | |||
@@ -0,0 +1,2 @@ | |||
1 | #Block iframe vulnerability | ||
2 | /<iframe/ REJECT | ||
diff --git a/roles/postfix/files/header_checks b/roles/postfix/files/header_checks new file mode 100644 index 0000000..f655904 --- /dev/null +++ b/roles/postfix/files/header_checks | |||
@@ -0,0 +1,11 @@ | |||
1 | #Block attachments with executable extensions | ||
2 | /name=[^>]*\.(exe|pif|com|dll|vbs|bat|sh|bash|so|zip|tar|gz|cpio)/ REJECT | ||
3 | # Block message/partial vulnerability | ||
4 | /message\/partial/ REJECT | ||
5 | # CVE-2022-1328 mitigation - block messages with uuencode | ||
6 | /^Content-Transfer-Encoding:.*uuencode.*/ REJECT | ||
7 | # Remove Received string that is created when spamassassin reinjects message into postfix | ||
8 | # This is to prevent leaking the userid of the spamassassin user | ||
9 | /^Received:.*userid.*/ IGNORE | ||
10 | # Remove User-Agent strings from headers | ||
11 | /^User-Agent: .*/ IGNORE | ||