Restrict XHOST to where useful

main
Florent Daigniere 2 years ago
parent bf0c345bb9
commit b263db72df

@ -40,9 +40,6 @@ smtp_sasl_tls_security_options = noanonymous
# Recipient delimiter for extended addresses # Recipient delimiter for extended addresses
recipient_delimiter = {{ RECIPIENT_DELIMITER }} recipient_delimiter = {{ RECIPIENT_DELIMITER }}
# We need to allow everything to do xclient and rely on front to filter-out "bad" requests
smtpd_authorized_xclient_hosts=0.0.0.0/0 [::0]/0
############### ###############
# TLS # TLS
############### ###############

@ -11,6 +11,7 @@ smtp inet n - n - 1 smtpd
-o smtpd_client_restrictions=$check_ratelimit,reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit -o smtpd_client_restrictions=$check_ratelimit,reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit
-o smtpd_reject_unlisted_recipient={% if REJECT_UNLISTED_RECIPIENT %}{{ REJECT_UNLISTED_RECIPIENT }}{% else %}no{% endif %} -o smtpd_reject_unlisted_recipient={% if REJECT_UNLISTED_RECIPIENT %}{{ REJECT_UNLISTED_RECIPIENT }}{% else %}no{% endif %}
-o cleanup_service_name=outclean -o cleanup_service_name=outclean
-o smtpd_authorized_xclient_hosts={{ SUBNET}},{{ SUBNET6 }}
outclean unix n - n - 0 cleanup outclean unix n - n - 0 cleanup
-o header_checks=pcre:/etc/postfix/outclean_header_filter.cf -o header_checks=pcre:/etc/postfix/outclean_header_filter.cf
-o nested_header_checks= -o nested_header_checks=

Loading…
Cancel
Save