mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-08-02 09:05:14 +02:00
security(Postfix): Protect against "SMTP Smuggling" attack (#3727)
View `CHANGELOG.md` entry and PR for details. --------- Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
This commit is contained in:
Georg Lauterbach
GitHub
parent
9e81517fe3
commit
25c7024cc4
2 changed files with 20 additions and 1 deletions
|
|
@ -57,6 +57,12 @@ smtpd_sender_restrictions = $dms_smtpd_sender_restrictions
|
|||
smtpd_discard_ehlo_keywords = silent-discard, dsn
|
||||
disable_vrfy_command = yes
|
||||
|
||||
# Security - Prevent SMTP Smuggling attack
|
||||
# https://www.postfix.org/smtp-smuggling.html#long
|
||||
smtpd_forbid_bare_newline = yes
|
||||
# It is possible to exclude clients on trusted networks from this restriction (the upstream default is `$mynetwork`):
|
||||
# smtpd_forbid_bare_newline_exclusions = $mynetworks
|
||||
|
||||
# Custom defined parameters for DMS:
|
||||
dms_smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain
|
||||
# Submission ports 587 and 465 support for SPOOF_PROTECTION=1
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue