ISTI-ansible-roles
/
ansible-role-postfix
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Mitigate smuggling setting smtpd_discard_ehlo_keywords.

This commit is contained in:
Andrea Dell'Amico 2023-12-26 19:04:41 +01:00
parent 5fc53ea968
commit cfc40d98ca
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
templates/main.cf.j2
View File

@ -621,6 +621,9 @@ smtpd_recipient_restrictions =
reject_rbl_client {{ postfix_rbl_list }} reject_rbl_client {{ postfix_rbl_list }}
{% endif %} {% endif %}
{% if postfix_mx_server %}
smtpd_discard_ehlo_keywords = chunking
{% endif %}
smtpd_client_restrictions = smtpd_client_restrictions =
permit_mynetworks permit_mynetworks
permit_inet_interfaces permit_inet_interfaces
@ -654,6 +657,7 @@ smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes broken_sasl_auth_clients = yes
# Block clients that speak too early. # Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining smtpd_data_restrictions = reject_unauth_pipelining
smtpd_discard_ehlo_keywords = chunking
{% endif %} {% endif %}
{% if postfix_reject_sender_login_mismatch %} {% if postfix_reject_sender_login_mismatch %}
smtpd_sender_login_maps = smtpd_sender_login_maps =