Update podop access and mail restrictions

master
kaiyou 6 years ago
parent 7143fb8c47
commit 697caaab81

@ -56,13 +56,14 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# The alias map actually returns both aliases and local mailboxes, which is
# required for reject_unlisted_sender to work properly
virtual_alias_maps = ${podop}alias/domain
virtual_mailbox_domains = ${podop}mailbox/domain
virtual_mailbox_maps = ${podop}mailbox/map
virtual_alias_domains =
virtual_alias_maps = ${podop}alias
virtual_mailbox_domains = ${podop}domain
virtual_mailbox_maps = ${podop}mailbox
# Mails are transported if required, then forwarded to Dovecot for delivery
relay_domains = ${podop}transport
transport_maps = ${podop}transport
# relay_domains = ${podop}transport
# transport_maps = ${podop}transport
virtual_transport = lmtp:inet:{{ HOST_LMTP }}
# In order to prevent Postfix from running DNS query, enforce the use of the
@ -82,15 +83,20 @@ smtpd_sender_login_maps = $virtual_alias_maps
# Restrictions for incoming SMTP, other restrictions are applied in master.cf
smtpd_helo_required = yes
smtpd_recipient_restrictions =
smtpd_client_restrictions =
permit_mynetworks,
check_sender_access ${podop}spoofed
reject_unauth_destination,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unverified_recipient,
permit
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject
unverified_recipient_reject_reason = Address lookup failure
###############

@ -7,7 +7,7 @@ smtp inet n - n - - smtpd
# Internal SMTP service
10025 inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit
-o smtpd_client_restrictions=reject_unlisted_sender,reject_unauth_destination,reject_authenticated_sender_login_mismatch,permit
-o cleanup_service_name=outclean
outclean unix n - n - 0 cleanup
-o header_checks=pcre:/etc/postfix/outclean_header_filter.cf

Loading…
Cancel
Save