diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-07-16 14:59:58 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:53:14 +0200 |
| commit | 4aa77a81f15a41208f2e5be88ea6da53b581acc3 (patch) | |
| tree | ec13d377ad1d4667d4ea751265088d952ac4990f | |
| parent | 465a95893bbd378999f5f80254d9d064ac5c7d75 (diff) | |
Remove reject_unknown_sender_domain from the MDA and outgoing SMTP.
We already removed it from the MX:es (see 32e605d4); we need to remove
it from the MDA and outgoing SMTP as well, otherwise mails could bounce
or get stuck in the middle (the're rejected with 450: deferred by
default).
However we can keep the restriction on the entry points (MSA and
webmail).
| -rw-r--r-- | roles/IMAP/templates/etc/postfix/main.cf.j2 | 1 | ||||
| -rw-r--r-- | roles/out/templates/etc/postfix/main.cf.j2 | 1 |
2 files changed, 0 insertions, 2 deletions
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2 index 03a3aef..c775a73 100644 --- a/roles/IMAP/templates/etc/postfix/main.cf.j2 +++ b/roles/IMAP/templates/etc/postfix/main.cf.j2 @@ -73,33 +73,32 @@ smtpd_tls_session_cache_timeout = 3600s smtpd_tls_fingerprint_digest = sha256 strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes smtpd_client_restrictions = permit_mynetworks permit_tls_clientcerts # We are the only ones using this proxy, but if things go wrong we # want to know why defer smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender - reject_unknown_sender_domain smtpd_recipient_restrictions = # RFC requirements reject_non_fqdn_recipient permit_mynetworks permit_tls_clientcerts reject smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2 index 294e92e..23a1de2 100644 --- a/roles/out/templates/etc/postfix/main.cf.j2 +++ b/roles/out/templates/etc/postfix/main.cf.j2 @@ -62,36 +62,35 @@ smtpd_tls_session_cache_timeout = 3600s smtpd_tls_fingerprint_digest = sha256 strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes smtpd_client_restrictions = permit_mynetworks permit_tls_clientcerts # We are the only ones using this proxy, but if things go wrong we # want to know why defer smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender - reject_unknown_sender_domain smtpd_recipient_restrictions = # RFC requirements reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks permit_tls_clientcerts reject smtpd_data_restrictions = reject_unauth_pipelining content_filter = amavisfeed:[127.0.0.1]:10040 # vim: set filetype=pfmain : |