aboutsummaryrefslogtreecommitdiff
path: root/roles/postfix/files
diff options
context:
space:
mode:
Diffstat (limited to 'roles/postfix/files')
-rw-r--r--roles/postfix/files/body_checks2
-rw-r--r--roles/postfix/files/header_checks11
2 files changed, 13 insertions, 0 deletions
diff --git a/roles/postfix/files/body_checks b/roles/postfix/files/body_checks
new file mode 100644
index 0000000..795c922
--- /dev/null
+++ b/roles/postfix/files/body_checks
@@ -0,0 +1,2 @@
1#Block iframe vulnerability
2/<iframe/ REJECT
diff --git a/roles/postfix/files/header_checks b/roles/postfix/files/header_checks
new file mode 100644
index 0000000..f655904
--- /dev/null
+++ b/roles/postfix/files/header_checks
@@ -0,0 +1,11 @@
1#Block attachments with executable extensions
2/name=[^>]*\.(exe|pif|com|dll|vbs|bat|sh|bash|so|zip|tar|gz|cpio)/ REJECT
3# Block message/partial vulnerability
4/message\/partial/ REJECT
5# CVE-2022-1328 mitigation - block messages with uuencode
6/^Content-Transfer-Encoding:.*uuencode.*/ REJECT
7# Remove Received string that is created when spamassassin reinjects message into postfix
8# This is to prevent leaking the userid of the spamassassin user
9/^Received:.*userid.*/ IGNORE
10# Remove User-Agent strings from headers
11/^User-Agent: .*/ IGNORE