From 425c79ad30740340c46770315b9b6c7b06a04347 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 16 Sep 2015 00:08:37 +0200 Subject: Fix address verification probes on the MSA. Put all relay restrictions under smtpd_relay_restrictions and leave smtpd_recipient_restrictions empty, since we don't do DNSBL. --- roles/IMAP/templates/etc/postfix/main.cf.j2 | 4 +--- roles/MSA/templates/etc/postfix/main.cf.j2 | 8 +++----- roles/MX/templates/etc/postfix/main.cf.j2 | 4 +--- roles/lists/templates/etc/postfix/main.cf.j2 | 4 +--- roles/out/templates/etc/postfix/main.cf.j2 | 8 +++----- 5 files changed, 9 insertions(+), 19 deletions(-) diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2 index 4cc07a6..1d71131 100644 --- a/roles/IMAP/templates/etc/postfix/main.cf.j2 +++ b/roles/IMAP/templates/etc/postfix/main.cf.j2 @@ -94,13 +94,11 @@ smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = + reject_non_fqdn_recipient permit_mynetworks permit_tls_clientcerts reject -smtpd_recipient_restrictions = - reject_non_fqdn_recipient - smtpd_data_restrictions = reject_unauth_pipelining diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 6e13cff..efcebef 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -115,14 +115,12 @@ smtpd_sender_restrictions = reject_unknown_sender_domain smtpd_relay_restrictions = - permit_mynetworks - permit_sasl_authenticated - reject - -smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient + permit_mynetworks + permit_sasl_authenticated + reject smtpd_data_restrictions = reject_unauth_pipelining diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index c911c05..b9f7c09 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -152,13 +152,11 @@ smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = + reject_non_fqdn_recipient permit_mynetworks reject_unauth_destination reject_unlisted_recipient -smtpd_recipient_restrictions = - reject_non_fqdn_recipient - smtpd_data_restrictions = reject_unauth_pipelining diff --git a/roles/lists/templates/etc/postfix/main.cf.j2 b/roles/lists/templates/etc/postfix/main.cf.j2 index d286f27..b314d95 100644 --- a/roles/lists/templates/etc/postfix/main.cf.j2 +++ b/roles/lists/templates/etc/postfix/main.cf.j2 @@ -86,13 +86,11 @@ smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = + reject_non_fqdn_recipient permit_mynetworks permit_tls_clientcerts reject -smtpd_recipient_restrictions = - reject_non_fqdn_recipient - smtpd_data_restrictions = reject_unauth_pipelining diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2 index 3ad80b1..8766984 100644 --- a/roles/out/templates/etc/postfix/main.cf.j2 +++ b/roles/out/templates/etc/postfix/main.cf.j2 @@ -87,14 +87,12 @@ smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = - permit_mynetworks - permit_tls_clientcerts - reject - -smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unverified_recipient + permit_mynetworks + permit_tls_clientcerts + reject smtpd_data_restrictions = reject_unauth_pipelining -- cgit v1.2.3