Fix $smtpd_sender_restrictions.

On the MDA the domain is our 'mda.fripost.org', there is no need to perform an extra DNS lookup. The MSA does not perform local or virtual delivery, but relays everything to the outgoing SMTP proxy. On the MX, there is no need to check for recipient validity as we are the final destination; but unsure that the RCPT TO address is a valid recipient before doing the greylisting.
author: Guilhem Moulin <guilhem@fripost.org> 2014-07-10 01:21:34 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:52:55 +0200
commit: 199a909669e821c05d85172b4645e0c46dc1cff4 (patch)
tree: c4dfa560070c322e566640fd57285af8daec2da8 /roles
parent: ee046343f3bbb43dc48a8ad72b5cb16dc0a24ee6 (diff)
3 files changed, 2 insertions, 3 deletions
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index 5a17fe2..03a3aef 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -78,29 +78,28 @@ smtpd_delay_reject      = yes
 disable_vrfy_command    = yes
 
 smtpd_client_restrictions =
     permit_mynetworks
     permit_tls_clientcerts
     # We are the only ones using this proxy, but if things go wrong we
     # want to know why
     defer
 
 smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     reject_invalid_helo_hostname
 
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
     reject_unknown_sender_domain
 
 smtpd_recipient_restrictions =
     # RFC requirements
     reject_non_fqdn_recipient
-    reject_unknown_recipient_domain
     permit_mynetworks
     permit_tls_clientcerts
     reject
 
 smtpd_data_restrictions =
     reject_unauth_pipelining
 
 # vim: set filetype=pfmain :
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index 36ec8d2..b23d6bb 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -101,26 +101,26 @@ disable_vrfy_command    = yes
 unknown_client_reject_code = 554
 
 smtpd_client_restrictions =
     permit_sasl_authenticated
     reject
 
 smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     reject_invalid_helo_hostname
 
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
     reject_unknown_sender_domain
 
 smtpd_recipient_restrictions =
     # RFC requirements
     reject_non_fqdn_recipient
     reject_unknown_recipient_domain
     permit_mynetworks
     permit_sasl_authenticated
-    reject_unauth_destination
+    reject
 
 smtpd_data_restrictions =
     reject_unauth_pipelining
 
 # vim: set filetype=pfmain :
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 22b68f3..b1d28f9 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -126,29 +126,29 @@ unverified_sender_reject_code       = 554
 
 
 smtpd_client_restrictions =
     permit_mynetworks
     reject_rbl_client zen.spamhaus.org
     reject_rbl_client bl.spamcop.net
 
 smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     permit_mynetworks
     reject_non_fqdn_helo_hostname
     reject_invalid_helo_hostname
 
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
     reject_unknown_sender_domain
 
 smtpd_recipient_restrictions =
     # RFC requirements
     reject_non_fqdn_recipient
-    reject_unknown_recipient_domain
     permit_mynetworks
     reject_unauth_destination
+    reject_unlisted_recipient
     check_policy_service unix:private/postgrey
 
 smtpd_data_restrictions =
     reject_unauth_pipelining
 
 # vim: set filetype=pfmain :
author	Guilhem Moulin <guilhem@fripost.org>	2014-07-10 01:21:34 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:52:55 +0200
commit	199a909669e821c05d85172b4645e0c46dc1cff4 (patch)
tree	c4dfa560070c322e566640fd57285af8daec2da8 /roles
parent	ee046343f3bbb43dc48a8ad72b5cb16dc0a24ee6 (diff)