add smtp smuggling mitigation

mailserver2 · Jan 9, 2024 · 9bb7df6 · 9bb7df6
1 parent 339f9b3
commit 9bb7df6
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/rootfs/etc/postfix/main.cf b/rootfs/etc/postfix/main.cf
@@ -25,6 +25,18 @@ mynetworks    = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ .RELAY_NETWORKS
 
 alias_maps = hash:/etc/aliases
 
+
+################################
+## SMTP smuggling mitigation  ##
+################################
+smtpd_forbid_bare_newline            = yes
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+
+# https://www.postfix.org/smtp-smuggling.html#long
+# Optionally disconnect remote SMTP clients that send bare newlines,
+# but allow local clients with non-standard SMTP implementations
+# such as netcat, fax machines, or load balancer health checks.
+
 ###############
 ## SMTP/UTF8 ##
 ###############