Re-enable sender access check to prevent source spoofing

2018-10-07 01:52:01 +02:00
parent f3f0b98755
commit fc99eb7b34
3 changed files with 14 additions and 0 deletions
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@@ -87,6 +87,7 @@ smtpd_helo_required = yes

 smtpd_client_restrictions =
  permit_mynetworks,
+  check_sender_access ${podop}sender,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
@@ -17,6 +17,7 @@ def start_podop():
 		("alias", "url", "http://admin/internal/postfix/alias/§"),
 		("domain", "url", "http://admin/internal/postfix/domain/§"),
        ("mailbox", "url", "http://admin/internal/postfix/mailbox/§"),
+        ("sender", "url", "http://admin/internal/postfix/sender/§")
    ])

 convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))