Restrict XHOST to where useful

2 years ago · b263db72df
parent bf0c345bb9
commit b263db72df
2 changed files with 1 additions and 3 deletions
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@ -40,9 +40,6 @@ smtp_sasl_tls_security_options = noanonymous
 # Recipient delimiter for extended addresses
 recipient_delimiter = {{ RECIPIENT_DELIMITER }}

-# We need to allow everything to do xclient and rely on front to filter-out "bad" requests
-smtpd_authorized_xclient_hosts=0.0.0.0/0 [::0]/0
-
 ###############
 # TLS
 ###############
--- a/core/postfix/conf/master.cf
+++ b/core/postfix/conf/master.cf
@ -11,6 +11,7 @@ smtp      inet  n       -       n       -       1       smtpd
  -o smtpd_client_restrictions=$check_ratelimit,reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit
  -o smtpd_reject_unlisted_recipient={% if REJECT_UNLISTED_RECIPIENT %}{{ REJECT_UNLISTED_RECIPIENT }}{% else %}no{% endif %}
  -o cleanup_service_name=outclean
+  -o smtpd_authorized_xclient_hosts={{ SUBNET}},{{ SUBNET6 }}
 outclean  unix n       -       n       -       0       cleanup
  -o header_checks=pcre:/etc/postfix/outclean_header_filter.cf
  -o nested_header_checks=