postfix: SMTP Smuggling Protection
Enable Postfix SMTP Smuggling protection, introduced in Postfix 3.8.4, which is, currently, only available within the nixpkgs' master branch. - https://github.com/NixOS/nixpkgs/pull/276104 - https://github.com/NixOS/nixpkgs/pull/276264 For information about SMTP Smuggling: - https://www.postfix.org/smtp-smuggling.html - https://www.postfix.org/postconf.5.html#smtpd_forbid_bare_newline
This commit is contained in:
parent
008d78cc21
commit
3f526c08e8
15
default.nix
15
default.nix
|
@ -955,6 +955,21 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
smtpdForbidBareNewline = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
With "smtpd_forbid_bare_newline = yes", the Postfix SMTP server
|
||||
disconnects a remote SMTP client that sends a line ending in a 'bare
|
||||
newline'.
|
||||
|
||||
This feature was added in Postfix 3.8.4 against SMTP Smuggling and will
|
||||
default to "yes" in Postfix 3.9.
|
||||
|
||||
https://www.postfix.org/smtp-smuggling.html
|
||||
'';
|
||||
};
|
||||
|
||||
sendingFqdn = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.fqdn;
|
||||
|
|
|
@ -309,6 +309,7 @@ in
|
|||
milter_protocol = "6";
|
||||
milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}";
|
||||
|
||||
smtpd_forbid_bare_newline = cfg.smtpdForbidBareNewline;
|
||||
};
|
||||
|
||||
submissionOptions = submissionOptions;
|
||||
|
|
Loading…
Reference in New Issue