summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2014-07-10 01:21:34 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:55 +0200
commit199a909669e821c05d85172b4645e0c46dc1cff4 (patch)
treec4dfa560070c322e566640fd57285af8daec2da8
parentee046343f3bbb43dc48a8ad72b5cb16dc0a24ee6 (diff)
Fix $smtpd_sender_restrictions.
On the MDA the domain is our 'mda.fripost.org', there is no need to perform an extra DNS lookup. The MSA does not perform local or virtual delivery, but relays everything to the outgoing SMTP proxy. On the MX, there is no need to check for recipient validity as we are the final destination; but unsure that the RCPT TO address is a valid recipient before doing the greylisting.
-rw-r--r--roles/IMAP/templates/etc/postfix/main.cf.j21
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j22
-rw-r--r--roles/MX/templates/etc/postfix/main.cf.j22
3 files changed, 2 insertions, 3 deletions
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index 5a17fe2..03a3aef 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -95,7 +95,6 @@ smtpd_sender_restrictions =
smtpd_recipient_restrictions =
# RFC requirements
reject_non_fqdn_recipient
- reject_unknown_recipient_domain
permit_mynetworks
permit_tls_clientcerts
reject
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index 36ec8d2..b23d6bb 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -118,7 +118,7 @@ smtpd_recipient_restrictions =
reject_unknown_recipient_domain
permit_mynetworks
permit_sasl_authenticated
- reject_unauth_destination
+ reject
smtpd_data_restrictions =
reject_unauth_pipelining
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 22b68f3..b1d28f9 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -143,9 +143,9 @@ smtpd_sender_restrictions =
smtpd_recipient_restrictions =
# RFC requirements
reject_non_fqdn_recipient
- reject_unknown_recipient_domain
permit_mynetworks
reject_unauth_destination
+ reject_unlisted_recipient
check_policy_service unix:private/postgrey
smtpd_data_restrictions =