diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-09-16 00:08:37 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-09-16 00:08:37 +0200 |
| commit | 425c79ad30740340c46770315b9b6c7b06a04347 (patch) | |
| tree | 1a7a7b541604b804f554e3879d6e9719bf7da3fa /roles | |
| parent | 6e210e7ef813814f7ca1317b134a91bd6bb5b0fe (diff) | |
Fix address verification probes on the MSA.
Put all relay restrictions under smtpd_relay_restrictions and leave
smtpd_recipient_restrictions empty, since we don't do DNSBL.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/IMAP/templates/etc/postfix/main.cf.j2 | 4 | ||||
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 8 | ||||
| -rw-r--r-- | roles/MX/templates/etc/postfix/main.cf.j2 | 4 | ||||
| -rw-r--r-- | roles/lists/templates/etc/postfix/main.cf.j2 | 4 | ||||
| -rw-r--r-- | roles/out/templates/etc/postfix/main.cf.j2 | 8 |
5 files changed, 9 insertions, 19 deletions
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2 index 4cc07a6..1d71131 100644 --- a/roles/IMAP/templates/etc/postfix/main.cf.j2 +++ b/roles/IMAP/templates/etc/postfix/main.cf.j2 @@ -77,31 +77,29 @@ smtpd_tls_fingerprint_digest = sha256 strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes smtpd_client_restrictions = permit_mynetworks permit_tls_clientcerts # We are the only ones using this proxy, but if things go wrong we # want to know why defer smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = + reject_non_fqdn_recipient permit_mynetworks permit_tls_clientcerts reject -smtpd_recipient_restrictions = - reject_non_fqdn_recipient - smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 6e13cff..efcebef 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -98,33 +98,31 @@ strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes address_verify_sender = $double_bounce_sender@$mydomain unverified_recipient_defer_code = 250 unverified_recipient_reject_code = 550 smtpd_client_restrictions = permit_sasl_authenticated reject smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain smtpd_relay_restrictions = - permit_mynetworks - permit_sasl_authenticated - reject - -smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient + permit_mynetworks + permit_sasl_authenticated + reject smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index c911c05..b9f7c09 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -135,31 +135,29 @@ postscreen_dnsbl_sites = list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4 postscreen_greet_action = enforce postscreen_whitelist_interfaces = !88.80.11.28 ![2a00:16b0:242:13::de30] static:all smtpd_client_restrictions = permit_mynetworks smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = + reject_non_fqdn_recipient permit_mynetworks reject_unauth_destination reject_unlisted_recipient -smtpd_recipient_restrictions = - reject_non_fqdn_recipient - smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : diff --git a/roles/lists/templates/etc/postfix/main.cf.j2 b/roles/lists/templates/etc/postfix/main.cf.j2 index d286f27..b314d95 100644 --- a/roles/lists/templates/etc/postfix/main.cf.j2 +++ b/roles/lists/templates/etc/postfix/main.cf.j2 @@ -69,31 +69,29 @@ smtpd_tls_fingerprint_digest = sha256 strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes smtpd_client_restrictions = permit_mynetworks permit_tls_clientcerts # We are the only ones using this proxy, but if things go wrong we # want to know why defer smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = + reject_non_fqdn_recipient permit_mynetworks permit_tls_clientcerts reject -smtpd_recipient_restrictions = - reject_non_fqdn_recipient - smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2 index 3ad80b1..8766984 100644 --- a/roles/out/templates/etc/postfix/main.cf.j2 +++ b/roles/out/templates/etc/postfix/main.cf.j2 @@ -70,35 +70,33 @@ disable_vrfy_command = yes address_verify_sender = $double_bounce_sender@$mydomain unverified_recipient_defer_code = 250 unverified_recipient_reject_code = 550 smtpd_client_restrictions = permit_mynetworks permit_tls_clientcerts # We are the only ones using this proxy, but if things go wrong we # want to know why defer smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = - permit_mynetworks - permit_tls_clientcerts - reject - -smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient + permit_mynetworks + permit_tls_clientcerts + reject smtpd_data_restrictions = reject_unauth_pipelining content_filter = amavisfeed:[127.0.0.1]:10040 # vim: set filetype=pfmain : |