aboutsummaryrefslogtreecommitdiff
path: root/roles/postfix/files/header_checks
blob: f655904f94e23a1f716ca7f97310cbaf4704f913 (plain)
1
2
3
4
5
6
7
8
9
10
11
#Block attachments with executable extensions
/name=[^>]*\.(exe|pif|com|dll|vbs|bat|sh|bash|so|zip|tar|gz|cpio)/ REJECT
# Block message/partial vulnerability
/message\/partial/ REJECT
# CVE-2022-1328 mitigation - block messages with uuencode
/^Content-Transfer-Encoding:.*uuencode.*/       REJECT
# Remove Received string that is created when spamassassin reinjects message into postfix
# This is to prevent leaking the userid of the spamassassin user
/^Received:.*userid.*/  IGNORE
# Remove User-Agent strings from headers
/^User-Agent: .*/       IGNORE