From 27ef6c5d9add55acd15029feace8ac1f1094f308 Mon Sep 17 00:00:00 2001 From: Pierre Jaury Date: Tue, 1 Nov 2016 11:05:47 +0100 Subject: [PATCH] Add postfix restrictions, related to #95 --- postfix/conf/main.cf | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index 049953a6..09391e21 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -82,6 +82,41 @@ virtual_transport = lmtp:inet:imap:2525 # native DNS stack, that will check /etc/hosts properly. lmtp_host_lookup = native +############### +# Restrictions +############### + +# Delay all rejects until all information can be logged +smtpd_delay_reject = yes + +# Allowed senders are: the user or one of the alias destinations +smtpd_sender_login_maps = $virtual_alias_maps + +# Helo restrictions +smtpd_helo_required = yes +smtpd_helo_restrictions = + permit_mynetworks, + reject_non_fqdn_helo_hostname, + reject_invalid_helo_hostname, + permit + +# Sender restrictions +smtpd_sender_restrictions = + permit_mynetworks, + reject_non_fqdn_sender, + reject_unknown_sender_domain, + reject_sender_login_mismatch, + permit + +# Recipient restrictions: +smtpd_recipient_restrictions = + reject_unauth_pipelining, + reject_non_fqdn_recipient, + reject_unknown_recipient_domain, + permit_mynetworks, + reject_unauth_destination, + permit + ############### # Milter ###############