[SOLVED] postfix: disable answers to VRFY and EXPN requests?

[sherminator]

Hi there,

our vulnerability scanner recommends us disabling answering VRFY and EXPN requests by configuring

disable_vrfy_command=yes

Is it safe to do this in a PMG installation?

Thanks and greets
Stephan

 

[Stoiko Ivanov]

I currently don't think disabling this should be a problem with PMG (but please do keep an eye on the logs after changing the setting, in case I overlooked anything)

To adapt the postfix config in PMG you need to use the templateing system:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

Also if possible please report back how it worked out for you - Thanks!

 

[sherminator]

Thanks for your reply!
I just did the change, everything looks good so far. I will observe this the next few days and report back.
One question for understanding: As expected the additional line occurs in /etc/postfix/main.cf. But it doesn't occur in the output of pmgconfig dump. Is this expected as well?

 

[Stoiko Ivanov]

One question for understanding: As expected the additional line occurs in /etc/postfix/main.cf. But it doesn't occur in the output of pmgconfig dump. Is this expected as well?

yes that's expected (`pmgconfig dump` mostly contains the settings you have set in /etc/pmg/pmgconfig and a few of the settings for postfix (e.g. the networks)) - not overrides to the templates

 

[sherminator]

For the record: We didn't notice any unwanted side effects due to this configuration change. So I mark this thread as solved.