Add a specific server for xclient-authenticated connections
@@ -31,9 +31,6 @@ relayhost = {{ RELAYHOST }}
|
|||||||
# Recipient delimiter for extended addresses
|
# Recipient delimiter for extended addresses
|
||||||
recipient_delimiter = {{ RECIPIENT_DELIMITER }}
|
recipient_delimiter = {{ RECIPIENT_DELIMITER }}
|
||||||
|
|
||||||
# XClient for connection from the frontend
|
|
||||||
smtpd_authorized_xclient_hosts = {{ FRONT_ADDRESS }}
|
|
||||||
|
|
||||||
###############
|
###############
|
||||||
# TLS
|
# TLS
|
||||||
###############
|
###############
|
||||||
@@ -79,22 +76,14 @@ smtpd_delay_reject = yes
|
|||||||
smtpd_sender_login_maps = $virtual_alias_maps
|
smtpd_sender_login_maps = $virtual_alias_maps
|
||||||
|
|
||||||
# Helo restrictions are specified for smtp only in master.cf
|
# Helo restrictions are specified for smtp only in master.cf
|
||||||
|
# Restrictions for incoming SMTP, other restrictions are applied in master.cf
|
||||||
smtpd_helo_required = yes
|
smtpd_helo_required = yes
|
||||||
|
|
||||||
# Sender restrictions
|
|
||||||
smtpd_sender_restrictions =
|
|
||||||
permit_mynetworks,
|
|
||||||
reject_non_fqdn_sender,
|
|
||||||
reject_unknown_sender_domain,
|
|
||||||
reject_unlisted_sender,
|
|
||||||
reject_sender_login_mismatch,
|
|
||||||
permit
|
|
||||||
|
|
||||||
# Recipient restrictions:
|
|
||||||
smtpd_recipient_restrictions =
|
smtpd_recipient_restrictions =
|
||||||
permit_mynetworks,
|
permit_mynetworks,
|
||||||
reject_unauth_pipelining,
|
check_sender_access ${sql}sqlite-reject-spoofed.cf,
|
||||||
reject_non_fqdn_recipient,
|
reject_non_fqdn_sender,
|
||||||
|
reject_unknown_sender_domain,
|
||||||
reject_unknown_recipient_domain,
|
reject_unknown_recipient_domain,
|
||||||
permit
|
permit
|
||||||
|
|
||||||
|
|||||||
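Review bot: The rewritten `smtpd_recipient_restrictions` list in the second hunk ends in `permit` with no `reject_unauth_destination` ahead of it, and it no longer carries `reject_unauth_pipelining` or `reject_non_fqdn_recipient`. Relay control for the public smtp service then rests on `smtpd_relay_restrictions` or its default, which is not visible in these hunks; if that is intended, say so in the comment above the list, otherwise add `reject_unauth_destination,` before the final `permit`. `permit_mynetworks` also precedes `check_sender_access ${sql}sqlite-reject-spoofed.cf`, so any client covered by `mynetworks` skips the spoofed-sender lookup. The first hunk removes `smtpd_authorized_xclient_hosts` from the global settings, so it is worth confirming that the frontend address is not inside `mynetworks` for connections it relays to the public service.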
@@ -1,11 +1,14 @@
|
|||||||
# service type private unpriv chroot wakeup maxproc command + args
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
# (yes) (yes) (yes) (never) (100)
|
# (yes) (yes) (yes) (never) (100)
|
||||||
|
|
||||||
# Exposed SMTP services
|
# Exposed SMTP service
|
||||||
smtp inet n - n - - smtpd
|
smtp inet n - n - - smtpd
|
||||||
-o cleanup_service_name=outclean
|
|
||||||
|
|
||||||
# Additional services
|
# Internal SMTP service
|
||||||
|
10025 inet n - n - - smtpd
|
||||||
|
-o smtpd_authorized_xclient_hosts={{ FRONT_ADDRESS }}
|
||||||
|
-o smtpd_recipient_restrictions=reject_unlisted_sender,reject_sender_login_mismatch,permit
|
||||||
|
-o cleanup_service_name=outclean
|
||||||
outclean unix n - n - 0 cleanup
|
outclean unix n - n - 0 cleanup
|
||||||
-o header_checks=pcre:/etc/postfix/outclean_header_filter.cf
|
-o header_checks=pcre:/etc/postfix/outclean_header_filter.cf
|
||||||
|
|
||||||
|
|||||||
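Review bot: The override `-o smtpd_recipient_restrictions=reject_unlisted_sender,reject_sender_login_mismatch,permit` on the new 10025 service ends in `permit`, so a session that passes the two sender checks may send to any destination. XCLIENT is limited to `{{ FRONT_ADDRESS }}`, but nothing in this section limits which hosts may connect to the port, and whether a relay restriction elsewhere covers it is not visible here. If isolation comes from the container network, record it above the service, e.g. `# Must be reachable from the frontend only: relaying is allowed once the sender checks pass`. A client restriction tied to the frontend address on this service would make that guarantee local to the file instead of dependent on deployment.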
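--- /dev/null
+++ b/postfix/conf/sqlite-reject-spoofed.cf
@@ -0,0 +1,5 @@
+dbpath = /data/main.db
+query =
+SELECT 'REJECT' FROM domain WHERE name='%s'
+UNION
+SELECT 'REJECT' FROM name WHERE name='%s'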
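Review bot: The second branch of the query reads `FROM name WHERE name='%s'`, that is, from a table called `name`, while the first branch reads from `domain`. The schema of `/data/main.db` is not visible here, so confirm that such a table exists; a lookup error in a `check_sender_access` map normally makes Postfix defer the message instead of skipping the check. The file also has no header comment, and a line such as `# Returns REJECT when the sender domain is one hosted here; used by check_sender_access on the public smtp service` would explain why every local name maps to a rejection.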