postfix: SMTP Smuggling Protection
Enable Postfix SMTP Smuggling protection, introduced in Postfix 3.8.4, which is, currently, only available within the nixpkgs' master branch. - https://github.com/NixOS/nixpkgs/pull/276104 - https://github.com/NixOS/nixpkgs/pull/276264 For information about SMTP Smuggling: - https://www.postfix.org/smtp-smuggling.html - https://www.postfix.org/postconf.5.html#smtpd_forbid_bare_newline
This commit is contained in:
parent
008d78cc21
commit
3f526c08e8
2 changed files with 16 additions and 0 deletions
15
default.nix
15
default.nix
|
@ -955,6 +955,21 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
smtpdForbidBareNewline = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
With "smtpd_forbid_bare_newline = yes", the Postfix SMTP server
|
||||||
|
disconnects a remote SMTP client that sends a line ending in a 'bare
|
||||||
|
newline'.
|
||||||
|
|
||||||
|
This feature was added in Postfix 3.8.4 against SMTP Smuggling and will
|
||||||
|
default to "yes" in Postfix 3.9.
|
||||||
|
|
||||||
|
https://www.postfix.org/smtp-smuggling.html
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
sendingFqdn = mkOption {
|
sendingFqdn = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = cfg.fqdn;
|
default = cfg.fqdn;
|
||||||
|
|
|
@ -309,6 +309,7 @@ in
|
||||||
milter_protocol = "6";
|
milter_protocol = "6";
|
||||||
milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}";
|
milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}";
|
||||||
|
|
||||||
|
smtpd_forbid_bare_newline = cfg.smtpdForbidBareNewline;
|
||||||
};
|
};
|
||||||
|
|
||||||
submissionOptions = submissionOptions;
|
submissionOptions = submissionOptions;
|
||||||
|
|
Loading…
Reference in a new issue