mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-22 07:17:05 +00:00
Update SMTP Smuggling protection to the 'long-term fix'
* Revert "Guard against SMTP smuggling", commitfaf23f150c
, by restoring the setting to its default. * Revert "[security] SMTP smuggling: update short term fix (#2346)", commmite931e103fe
, by restoring the setting to its default. * Set smtpd_forbid_bare_newline=normalize.
This commit is contained in:
parent
1a239c55bb
commit
fa72e015ee
@ -70,10 +70,16 @@ tools/editconf.py /etc/postfix/main.cf \
|
||||
bounce_queue_lifetime=1d
|
||||
|
||||
# Guard against SMTP smuggling
|
||||
# This short-term workaround is recommended at https://www.postfix.org/smtp-smuggling.html
|
||||
# This "long-term" fix is recommended at https://www.postfix.org/smtp-smuggling.html.
|
||||
# This beecame supported in a backported fix in package version 3.6.4-1ubuntu1.3. It is
|
||||
# unnecessary in Postfix 3.9+ where this is the default. The "short-term" workarounds
|
||||
# that we previously had are reverted to postfix defaults (though smtpd_discard_ehlo_keywords
|
||||
# was never included in a released version of Mail-in-a-Box).
|
||||
tools/editconf.py /etc/postfix/main.cf -e \
|
||||
smtpd_data_restrictions= \
|
||||
smtpd_discard_ehlo_keywords=
|
||||
tools/editconf.py /etc/postfix/main.cf \
|
||||
smtpd_data_restrictions=reject_unauth_pipelining \
|
||||
smtpd_discard_ehlo_keywords="chunking, silent-discard"
|
||||
smtpd_forbid_bare_newline=normalize
|
||||
|
||||
# ### Outgoing Mail
|
||||
|
||||
|
@ -30,7 +30,7 @@ import sys, re
|
||||
|
||||
# sanity check
|
||||
if len(sys.argv) < 3:
|
||||
print("usage: python3 editconf.py /etc/file.conf [-s] [-w] [-c <CHARACTER>] [-t] NAME=VAL [NAME=VAL ...]")
|
||||
print("usage: python3 editconf.py /etc/file.conf [-e] [-s] [-w] [-c <CHARACTER>] [-t] NAME=VAL [NAME=VAL ...]")
|
||||
sys.exit(1)
|
||||
|
||||
# parse command line arguments
|
||||
|
Loading…
Reference in New Issue
Block a user