diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2018-04-04 16:11:20 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2018-04-04 16:11:20 +0200 |
| commit | b5a0be7a37e1bbc1aef2a7d1844a1da4aec5634f (patch) | |
| tree | 6db47371993c0f9957b7ee8cd04c49a01df50590 /roles/MSA/templates/etc/postfix/main.cf.j2 | |
| parent | 779fc904868bb2bc3f5f73cfd225ec7655ba14cf (diff) | |
Perform recipient address verification on the MSA itself.
Diffstat (limited to 'roles/MSA/templates/etc/postfix/main.cf.j2')
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 45a47c6..79808d5 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -66,44 +66,47 @@ smtpd_tls_key_file = $config_directory/ssl/smtp.fripost.org.key smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem smtpd_tls_session_cache_database= smtpd_tls_received_header = yes # SASL smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sasl_path = unix:private/dovecot-auth strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes -address_verify_sender = $double_bounce_sender@noreply.$mydomain -address_verify_sender_ttl = 24h -unverified_recipient_defer_code = 250 -unverified_recipient_reject_code = 550 +address_verify_sender = $double_bounce_sender@noreply.$mydomain +address_verify_poll_count = 3 +address_verify_relayhost = +address_verify_sender_ttl = 8069m +address_verify_negative_refresh_time = 5m +unverified_recipient_defer_code = 250 +unverified_recipient_reject_code = 550 smtpd_client_restrictions = permit_sasl_authenticated reject smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_login_maps = socketmap:unix:private/sender-login:sender_login smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain check_sender_access cdb:$config_directory/check_sender_access reject_known_sender_login_mismatch smtpd_relay_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient |