diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-05-30 13:23:19 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:53:53 +0200 |
| commit | fa82a617a0c50b7478cd2b7189aa5f7d14449954 (patch) | |
| tree | 62488ddf805f34b3f06807a83d6f94a360ece723 /roles/MX/templates/etc/postfix | |
| parent | 64e8603cf9790aa4419d0f2746671bd242e6344d (diff) | |
Upgrade the MX configuration from Wheezy to Jessie.
In particular, since Postfix is now able to perform LDAP lookups using
SASL, previous hacks with simble binds on cn=postfix,ou=services,… can
now be removed.
Diffstat (limited to 'roles/MX/templates/etc/postfix')
| -rw-r--r-- | roles/MX/templates/etc/postfix/main.cf.j2 | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 09a5ce7..11c8199 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -69,12 +69,12 @@ transport_maps = cdb:$config_directory/virtual/transport # Don't rewrite remote headers -local_header_rewrite_clients = +local_header_rewrite_clients = # Pass the client information along to the content filter -smtp_send_xforward_command = yes +smtp_send_xforward_command = yes # Avoid splitting the envelope and scanning messages multiple times -smtp_destination_recipient_limit = 1000 -reserved-alias_recipient_limit = 1 +smtp_destination_recipient_limit = 1000 +reserved-alias_destination_recipient_limit = 1 # Tolerate occasional high latency smtp_data_done_timeout = 1200s @@ -90,7 +90,6 @@ smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache smtp_tls_policy_maps = cdb:/etc/postfix/tls_policy smtp_tls_fingerprint_digest = sha256 {% endif %} -smtpd_tls_security_level = none smtpd_tls_security_level = may smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5 @@ -140,7 +139,7 @@ postscreen_dnsbl_sites = list.dnswl.org=127.[0..255].[0..255].[2..255]*-4 postscreen_greet_action = enforce -postscreen_whitelist_interfaces = !88.80.11.28 static:all +postscreen_whitelist_interfaces = !88.80.11.28 ![2a00:16b0:242:13::de30] static:all smtpd_client_restrictions = permit_mynetworks @@ -154,13 +153,13 @@ smtpd_helo_restrictions = smtpd_sender_restrictions = reject_non_fqdn_sender -smtpd_recipient_restrictions = - # RFC requirements - reject_non_fqdn_recipient +smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination reject_unlisted_recipient - permit_dnswl_client list.dnswl.org + +smtpd_recipient_restrictions = + reject_non_fqdn_recipient smtpd_data_restrictions = reject_unauth_pipelining |