diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-10 01:21:34 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:55 +0200 |
| commit | 199a909669e821c05d85172b4645e0c46dc1cff4 (patch) | |
| tree | c4dfa560070c322e566640fd57285af8daec2da8 | |
| parent | ee046343f3bbb43dc48a8ad72b5cb16dc0a24ee6 (diff) | |
Fix $smtpd_sender_restrictions.
On the MDA the domain is our 'mda.fripost.org', there is no need to
perform an extra DNS lookup.
The MSA does not perform local or virtual delivery, but relays
everything to the outgoing SMTP proxy.
On the MX, there is no need to check for recipient validity as we are
the final destination; but unsure that the RCPT TO address is a valid
recipient before doing the greylisting.
| -rw-r--r-- | roles/IMAP/templates/etc/postfix/main.cf.j2 | 1 | ||||
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 2 | ||||
| -rw-r--r-- | roles/MX/templates/etc/postfix/main.cf.j2 | 2 |
3 files changed, 2 insertions, 3 deletions
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2 index 5a17fe2..03a3aef 100644 --- a/roles/IMAP/templates/etc/postfix/main.cf.j2 +++ b/roles/IMAP/templates/etc/postfix/main.cf.j2 @@ -78,29 +78,28 @@ smtpd_delay_reject = yes disable_vrfy_command = yes smtpd_client_restrictions = permit_mynetworks permit_tls_clientcerts # We are the only ones using this proxy, but if things go wrong we # want to know why defer smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain smtpd_recipient_restrictions = # RFC requirements reject_non_fqdn_recipient - reject_unknown_recipient_domain permit_mynetworks permit_tls_clientcerts reject smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 36ec8d2..b23d6bb 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -101,26 +101,26 @@ disable_vrfy_command = yes unknown_client_reject_code = 554 smtpd_client_restrictions = permit_sasl_authenticated reject smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain smtpd_recipient_restrictions = # RFC requirements reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated - reject_unauth_destination + reject smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 22b68f3..b1d28f9 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -126,29 +126,29 @@ unverified_sender_reject_code = 554 smtpd_client_restrictions = permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain smtpd_recipient_restrictions = # RFC requirements reject_non_fqdn_recipient - reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination + reject_unlisted_recipient check_policy_service unix:private/postgrey smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : |