Contents

  1. Hardening your Mail Transfer Agent (MTA) and related services
    1. SASL authentication via Dovecot
    2. Preventing abuse of database backends
    3. Privacy for Postfix

Hardening your Mail Transfer Agent (MTA) and related services

TODO

SASL authentication via Dovecot

TODO

Preventing abuse of database backends

TODO

Privacy for Postfix

Cleaning headers for outgoing mail: 

# /etc/postfix/extra/header_checks
/^Received: from 127.0.0.1/     IGNORE
/^User-Agent:/                  IGNORE
/^X-Mailer:/                    IGNORE
/^X-Originating-IP:/            IGNORE
/^X-Sanitizer:/                 IGNORE
/^X-Spam-Status:/               IGNORE
/^X-Spam-Level:/                IGNORE
/^X-MSMail-Priority:/           IGNORE
/^X-MimeOLE:/                   IGNORE

In your main.cf configuration file: 

# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
# For details, see "man header_checks".

header_checks = regexp:/etc/postfix/extra/header_checks

SubreptionWiki: HardeningYourMailServer (last edited 2008-09-01 08:05:36 by SubreptionResearch)