From 281ec5696739e2c8b0a6be9471b0ea56f36d744e Mon Sep 17 00:00:00 2001 From: "M.N Wickramasinghe" <73810867+manupawickramasinghe@users.noreply.github.com> Date: Fri, 8 May 2026 17:31:54 +0530 Subject: [PATCH 1/2] Update gen-postfix-conf.sh --- services/config-scripts/gen-postfix-conf.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/config-scripts/gen-postfix-conf.sh b/services/config-scripts/gen-postfix-conf.sh index 27873065..f97b470f 100755 --- a/services/config-scripts/gen-postfix-conf.sh +++ b/services/config-scripts/gen-postfix-conf.sh @@ -146,6 +146,9 @@ smtpd_client_recipient_rate_limit = 200 smtpd_recipient_limit = 50 anvil_rate_time_unit = 60s smtpd_client_connection_count_limit = 20 + +# Security Hardening +disable_vrfy_command = yes EOF echo Postfix configuration successfully generated From 1a77565530b56a8de18c0a379d15230d35758110 Mon Sep 17 00:00:00 2001 From: manupawickramasinghe Date: Wed, 13 May 2026 15:06:08 +0000 Subject: [PATCH 2/2] fix: replace hardcoded Thunder admin credentials with env vars Changes the thunder-auth.sh authentication payload to read THUNDER_ADMIN_USERNAME and THUNDER_ADMIN_PASSWORD from environment variables, falling back to "admin" defaults if not set. --- scripts/utils/thunder-auth.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/utils/thunder-auth.sh b/scripts/utils/thunder-auth.sh index 08108306..ae2b491c 100755 --- a/scripts/utils/thunder-auth.sh +++ b/scripts/utils/thunder-auth.sh 
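Review bot: The added `# Security Hardening` comment does not say what the setting protects against. Because it appears to sit inside the heredoc that ends at `EOF`, it is copied into the generated Postfix configuration, where an operator will read it. Something like `# Disable SMTP VRFY so clients cannot use it to confirm mailbox names` would be more useful there. VRFY is only one way to probe for valid addresses, since the server's reply to RCPT TO can still reveal them, so this setting alone should not be treated as closing address enumeration. Whether recipient rejection is handled elsewhere in this config cannot be seen from the hunk.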
@@ -109,7 +109,7 @@ thunder_authenticate() { auth_response=$(curl -s -w "\n%{http_code}" -X POST \ "https://${thunder_host}:${thunder_port}/flow/execute" \ -H "Content-Type: application/json" \ - -d "{\"flowId\":\"${FLOW_ID}\",\"inputs\":{\"username\":\"admin\",\"password\":\"admin\",\"requested_permissions\":\"system\"},\"action\":\"action_001\"}") + -d "{\"flowId\":\"${FLOW_ID}\",\"inputs\":{\"username\":\"${THUNDER_ADMIN_USERNAME:-admin}\",\"password\":\"${THUNDER_ADMIN_PASSWORD:-admin}\",\"requested_permissions\":\"system\"},\"action\":\"action_001\"}") local auth_body local auth_status
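Review bot: The `:-admin` fallbacks on the new `-d` line keep the admin/admin default credential in effect whenever either variable is unset, so a deployment that forgets to set them authenticates exactly as before, with no warning. The values are also interpolated into a hand-built JSON string, so a password containing `"` or `\` produces a malformed or altered payload, and the whole body sits on curl's argv, where other local users can read it from the process list. I would fail when either variable is empty and build the body with a JSON encoder fed to curl on stdin; the fence sketches this with jq, assuming jq is available here and both variables are exported. thunder_authenticate starts and continues outside this hunk.

```shell
    # Fail closed: no built-in admin/admin fallback.
    if [[ -z "${THUNDER_ADMIN_USERNAME:-}" || -z "${THUNDER_ADMIN_PASSWORD:-}" ]]; then
        echo "THUNDER_ADMIN_USERNAME and THUNDER_ADMIN_PASSWORD must be set" >&2
        return 1
    fi

    # jq escapes quotes and backslashes in the values; credentials are read from
    # the environment (env.*) so they never appear on any command line.
    auth_response=$(jq -cn --arg flow "${FLOW_ID}" \
        '{flowId: $flow,
          inputs: {username: env.THUNDER_ADMIN_USERNAME,
                   password: env.THUNDER_ADMIN_PASSWORD,
                   requested_permissions: "system"},
          action: "action_001"}' |
        curl -s -w "\n%{http_code}" -X POST \
            "https://${thunder_host}:${thunder_port}/flow/execute" \
            -H "Content-Type: application/json" \
            -d @-)
    # … unchanged: local auth_body / auth_status declarations and response parsing …
```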