diff --git a/core/admin/mailu/internal/views/postfix.py b/core/admin/mailu/internal/views/postfix.py
index c337c24e..79fbdb8a 100644
--- a/core/admin/mailu/internal/views/postfix.py
+++ b/core/admin/mailu/internal/views/postfix.py
@@ -40,3 +40,15 @@ def postfix_transport(email):
 localpart, domain = email.split('@', 1) if '@' in email else (None, email)
 relay = models.Relay.query.get(domain) or flask.abort(404)
 return flask.jsonify("smtp:[{}]".format(relay.smtp))
+
+
+@internal.route("/postfix/sender/")
+def postfix_sender(sender):
+ """ Simply reject any sender that pretends to be from a local domain
+ """
+ localpart, domain_name = sender.split('@', 1) if '@' in sender else (None, sender)
+ domain = models.Domain.query.get(domain_name)
+ alternative = models.Alternative.query.get(domain_name)
+ if domain or alternative:
+ return flask.jsonify("REJECT")
+ return flask.abort(404)
diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf
index 2f389069..cd052d46 100644
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@@ -87,6 +87,7 @@ smtpd_helo_required = yes
 smtpd_client_restrictions =
 permit_mynetworks,
+ check_sender_access ${podop}sender,
 reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
diff --git a/core/postfix/start.py b/core/postfix/start.py
index 04d63456..251f5b05 100755
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
@@ -17,6 +17,7 @@ def start_podop():
 ("alias", "url", "http://admin/internal/postfix/alias/§"),
 ("domain", "url", "http://admin/internal/postfix/domain/§"),
 ("mailbox", "url", "http://admin/internal/postfix/mailbox/§"),
+ ("sender", "url", "http://admin/internal/postfix/sender/§")
 ])
 convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
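Review bot: `postfix_sender` in core/admin/mailu/internal/views/postfix.py is queried with more than one key per message, and two of those key forms are not handled explicitly. As documented in access(5), `check_sender_access` tries the full address, then the domain and (with the default `parent_domain_matches_subdomains`) its parent domains, then `localpart@`, so a sender at any subdomain of a local domain is rejected too, and the `localpart@` form reaches both `query.get` calls with an empty `domain_name`. A guard such as `if not domain_name: flask.abort(404)` before the queries keeps the empty key away from the models, whose handling of it is not visible in this diff. The docstring should state that the match is on the envelope sender only (not the From: header), that subdomains are covered if that is intended, and that a 404 means "no match". `localpart` is never used and could be bound to `_`.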
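Review bot: In core/postfix/conf/main.cf the new `check_sender_access ${podop}sender` entry is exempted only by `permit_mynetworks`, so any client outside `mynetworks` that is evaluated against this list with a local envelope sender is rejected. That includes authenticated submission if its service does not override `smtpd_client_restrictions` in master.cf, which is not visible in this diff; if submission shares the list, `permit_sasl_authenticated,` has to precede the new entry. A sender lookup inside `smtpd_client_restrictions` also depends on `smtpd_delay_reject` staying at its default of `yes`. A comment above the list, for example `# sender check relies on smtpd_delay_reject = yes and must stay after permit_mynetworks`, would record both constraints. The restriction list continues past the end of the hunk.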