diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-09 19:03:16 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-09 20:25:40 +0100 |
| commit | 1d2a6bfc7062c60cfe61fd74c2af23a5c828c440 (patch) | |
| tree | 4b7f1938cd09305cef3b8e4f532e8a50c6593511 /roles/MSA/templates/etc/postfix/main.cf.j2 | |
| parent | 9039847b88dd737de1b92b08cba67cbfe9a2d840 (diff) | |
MSA verification probes: enable opportunistic encryption.
And use ‘noreply.fripost.org’ as HELO name rather than $myhostname
(i.e., ‘smtp.fripost.org’), so the same SPF policy can be used for ehlo
and envelope sender identities.
Diffstat (limited to 'roles/MSA/templates/etc/postfix/main.cf.j2')
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 50ea6b0..a48a327 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -75,40 +75,41 @@ smtpd_sasl_local_domain = smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sasl_path = unix:private/dovecot-auth strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes address_verify_sender = $double_bounce_sender@noreply.$mydomain address_verify_poll_count = 3 address_verify_relayhost = address_verify_sender_ttl = 8069m address_verify_negative_refresh_time = 5m unverified_recipient_defer_code = 250 unverified_recipient_reject_code = 550 address_verify_map = lmdb:$data_directory/verify_cache +address_verify_default_transport = smtp_verify smtpd_client_restrictions = permit_sasl_authenticated reject smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_login_maps = socketmap:unix:private/sender-login:sender_login smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain check_sender_access lmdb:$config_directory/check_sender_access reject_known_sender_login_mismatch smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient |