From dd691ab6c1fabf1a4915cfe397a5b173e10f77af Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Mon, 25 Dec 2023 21:04:58 +0100
Subject: modules/server/postfix: forbid bare newline

Fixes: CVE-2023-51764
---
 modules/server/spectrum/postfix/default.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/server/spectrum/postfix')

diff --git a/modules/server/spectrum/postfix/default.nix b/modules/server/spectrum/postfix/default.nix
index 16c2acf95269..978cb47726e6 100644
--- a/modules/server/spectrum/postfix/default.nix
+++ b/modules/server/spectrum/postfix/default.nix
@@ -5,6 +5,7 @@
   services.postfix.enableSubmission = true;
   services.postfix.hostname = "atuin.qyliss.net";
   services.postfix.config.smtp_tls_loglevel = "1";
+  services.postfix.config.smtpd_forbid_bare_newline = true;
   services.postfix.config.disable_mime_output_conversion = true;
   services.postfix.sslCert = "/var/lib/acme/spectrum-os.org/fullchain.pem";
   services.postfix.sslKey = "/var/lib/acme/spectrum-os.org/key.pem";
-- 
cgit 1.4.1