From 724d877995dfcc10c462a18dcb4ea6c8b60c2d03 Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 2 Jul 2023 19:04:30 -0400
Subject: initial commit
---
roles/postfix/files/header_checks | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 roles/postfix/files/header_checks
(limited to 'roles/postfix/files/header_checks')
diff --git a/roles/postfix/files/header_checks b/roles/postfix/files/header_checks
new file mode 100644
index 0000000..f655904
--- /dev/null
+++ b/roles/postfix/files/header_checks
@@ -0,0 +1,11 @@
+#Block attachments with executable extensions
+/name=[^>]*\.(exe|pif|com|dll|vbs|bat|sh|bash|so|zip|tar|gz|cpio)/ REJECT
+# Block message/partial vulnerability
+/message\/partial/ REJECT
+# CVE-2022-1328 mitigation - block messages with uuencode
+/^Content-Transfer-Encoding:.*uuencode.*/ REJECT
+# Remove Received string that is created when spamassassin reinjects message into postfix
+# This is to prevent leaking the userid of the spamassassin user
+/^Received:.*userid.*/ IGNORE
+# Remove User-Agent strings from headers
+/^User-Agent: .*/ IGNORE
-- cgit v1.2.3
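Review bot: The first rule's pattern is anchored to neither a header name nor the end of the file name, so an extension such as `.com`, `.so` or `.sh` followed by more text is rejected (a constructed example: `name="www.company.pdf"`), and any header that merely contains `name=` can match. Prefixing the pattern with `^Content-(Type|Disposition):.*` and following the extension group with `"?([[:space:]]|;|$)` would limit it to MIME parameters that actually end in a listed extension. The three REJECT actions carry no text; adding a reason, for example `REJECT Attachment type not accepted`, makes the bounce and the log line show which policy fired. Separately, `/^Received:.*userid.*/ IGNORE` deletes every Received header containing the word userid, including ones added by other hosts, which removes trace data used for loop detection and incident analysis. If the local reinjection header has the usual `(Postfix, from userid N)` form (not visible in this commit), matching that form explicitly would be narrower.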