From 199a909669e821c05d85172b4645e0c46dc1cff4 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 10 Jul 2014 01:21:34 +0200 Subject: Fix $smtpd_sender_restrictions. On the MDA the domain is our 'mda.fripost.org', there is no need to perform an extra DNS lookup. The MSA does not perform local or virtual delivery, but relays everything to the outgoing SMTP proxy. On the MX, there is no need to check for recipient validity as we are the final destination; but unsure that the RCPT TO address is a valid recipient before doing the greylisting. --- roles/IMAP/templates/etc/postfix/main.cf.j2 | 1 - roles/MSA/templates/etc/postfix/main.cf.j2 | 2 +- roles/MX/templates/etc/postfix/main.cf.j2 | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) (limited to 'roles') diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2 index 5a17fe2..03a3aef 100644 --- a/roles/IMAP/templates/etc/postfix/main.cf.j2 +++ b/roles/IMAP/templates/etc/postfix/main.cf.j2 @@ -95,7 +95,6 @@ smtpd_sender_restrictions = smtpd_recipient_restrictions = # RFC requirements reject_non_fqdn_recipient - reject_unknown_recipient_domain permit_mynetworks permit_tls_clientcerts reject diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 36ec8d2..b23d6bb 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -118,7 +118,7 @@ smtpd_recipient_restrictions = reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated - reject_unauth_destination + reject smtpd_data_restrictions = reject_unauth_pipelining diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 22b68f3..b1d28f9 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -143,9 +143,9 @@ smtpd_sender_restrictions = smtpd_recipient_restrictions = # RFC requirements reject_non_fqdn_recipient - reject_unknown_recipient_domain permit_mynetworks reject_unauth_destination + reject_unlisted_recipient check_policy_service unix:private/postgrey smtpd_data_restrictions = -- cgit v1.2.3