ForkMaster/nixos-mailserver
1
0
Fork 0
mirror of https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git synced 2024-09-22 11:22:50 +05:00
Code Issues Packages Projects Releases Wiki Activity

postfix: SMTP Smuggling Protection

Browse Source 
Enable Postfix SMTP Smuggling protection, introduced in Postfix 3.8.4,
which is, currently, only available within the nixpkgs' master branch.

- https://github.com/NixOS/nixpkgs/pull/276104
- https://github.com/NixOS/nixpkgs/pull/276264

For information about SMTP Smuggling:

- https://www.postfix.org/smtp-smuggling.html
- https://www.postfix.org/postconf.5.html#smtpd_forbid_bare_newline
This commit is contained in:
Alvar Penning 2023-12-23 20:15:16 +01:00 committed by Naïm Favier
parent 008d78cc21
commit 3f526c08e8
No known key found for this signature in database
GPG Key ID: 95AFCE8211908325
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
default.nix
View File

@ -955,6 +955,21 @@ in
'';
};
smtpdForbidBareNewline = mkOption {
type = types.bool;
default = true;
description = ''
With "smtpd_forbid_bare_newline = yes", the Postfix SMTP server
disconnects a remote SMTP client that sends a line ending in a 'bare
newline'.
This feature was added in Postfix 3.8.4 against SMTP Smuggling and will
default to "yes" in Postfix 3.9.
https://www.postfix.org/smtp-smuggling.html
'';
};
sendingFqdn = mkOption {
type = types.str;
default = cfg.fqdn;

1
mail-server/postfix.nix
View File

@ -309,6 +309,7 @@ in
milter_protocol = "6";
milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}";
smtpd_forbid_bare_newline = cfg.smtpdForbidBareNewline;
};
submissionOptions = submissionOptions;