tixie/nixcfg
1
0
Fork 0
forked from Deuxfleurs/nixcfg
Code Pull requests Activity

update smtp server security conf

Browse source
This commit is contained in:
Quentin 2023-12-25 14:00:36 +01:00
parent 2472a6b61a
commit ac42e95f1a
Signed by untrusted user: quentin
GPG key ID: E9602264D639FF68
3 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cluster/prod/app/email/build/docker-compose.yml
View file

@ -26,9 +26,9 @@ services:
build: build:
context: ./postfix context: ./postfix
args: args:
# https://packages.debian.org/fr/buster/postfix # https://packages.debian.org/fr/trixie/postfix
VERSION: 3.4.14-0+deb10u1 VERSION: 3.8.4-1
image: superboum/amd64_postfix:v3 image: superboum/amd64_postfix:v4
opendkim: opendkim:
build: build:

2
cluster/prod/app/email/build/postfix/Dockerfile
View file

@ -1,4 +1,4 @@
FROM amd64/debian:buster FROM amd64/debian:trixie
ARG VERSION ARG VERSION

6
cluster/prod/app/email/config/postfix/main.cf
View file

@ -77,7 +77,11 @@ smtpd_relay_restrictions =
permit_mynetworks permit_mynetworks
reject_unauth_destination reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining # Disable SMTP smuggling attacks
# https://www.postfix.org/smtp-smuggling.html
smtpd_forbid_unauth_pipelining = yes
smtpd_discard_ehlo_keywords = chunking
smtpd_forbid_bare_newline = yes
smtpd_client_connection_rate_limit = 2 smtpd_client_connection_rate_limit = 2