authorGuilhem Moulin <guilhem@fripost.org>2015-06-04 19:02:31 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:54:25 +0200
commitf3d93ac759ee2ac08ecc7308d3019796e2285797 (patch)
tree21c9c8fe4247c086c5667154228b455637c5eca1 /roles/out
parente8514e6a5ed5677c52cceb6c526c33d9bb235355 (diff)
Use recipient address verification probes.
This is especially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mail that is known to bounce. The downside, however, is that it adds a delay of up to 6s after the RCPT TO command.
Diffstat (limited to 'roles/out')
-rw-r--r--roles/out/templates/etc/postfix/main.cf.j23
1 files changed, 3 insertions, 0 deletions
diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
index eab3c0b..968e977 100644
--- a/roles/out/templates/etc/postfix/main.cf.j2
+++ b/roles/out/templates/etc/postfix/main.cf.j2
@@ -51,49 +51,52 @@ smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
relay_clientcerts = cdb:$config_directory/relay_clientcerts
smtpd_tls_security_level = may
smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
smtpd_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
smtpd_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_fingerprint_digest = sha256
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
+unverified_recipient_reject_code = 550
+
smtpd_client_restrictions =
permit_mynetworks
permit_tls_clientcerts
# We are the only ones using this proxy, but if things go wrong we
# want to know why
defer
smtpd_helo_required = yes
smtpd_helo_restrictions =
reject_invalid_helo_hostname
smtpd_sender_restrictions =
reject_non_fqdn_sender
smtpd_relay_restrictions =
permit_mynetworks
permit_tls_clientcerts
reject
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_unknown_recipient_domain
+ reject_unverified_recipient
smtpd_data_restrictions =
reject_unauth_pipelining
content_filter = amavisfeed:[127.0.0.1]:10040
# vim: set filetype=pfmain :
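Review bot: `reject_unverified_recipient` at the end of `smtpd_recipient_restrictions` makes this gateway probe whatever remote domain an authorised client names, and the template does not document what happens when a probe gives no clear answer. `unverified_recipient_reject_code = 550` only covers addresses the destination definitively refused; a probe that is greylisted or does not finish within the polling window is still answered with the temporary `unverified_recipient_defer_code`, so the webmail and the list software must cope with a deferral on first contact. Negative results are also cached (`address_verify_negative_cache`), so one spurious 5xx from a remote server keeps a valid address rejected until the entry is refreshed. I would add a comment above the new restriction, e.g. `# Probes unknown recipients before accepting; inconclusive probes are deferred (4xx), refused ones get 550 and are cached.`, and since the probes leave from the gateway's own address it may be worth confirming that per-client recipient rate limits are in place so a single misbehaving client cannot generate a large probe volume.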