Update podop access and mail restrictions

2024-12-12 10:45:38 +02:00 · 2018-09-26 00:15:24 +02:00 · 2018-09-26 00:15:24 +02:00 · 697caaab81
commit 697caaab81
parent 7143fb8c47
2 changed files with 14 additions and 8 deletions
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@ -56,13 +56,14 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 # The alias map actually returns both aliases and local mailboxes, which is
 # required for reject_unlisted_sender to work properly
-virtual_alias_maps = ${podop}alias/domain
-virtual_mailbox_domains = ${podop}mailbox/domain
-virtual_mailbox_maps = ${podop}mailbox/map
+virtual_alias_domains =
+virtual_alias_maps = ${podop}alias
+virtual_mailbox_domains = ${podop}domain
+virtual_mailbox_maps = ${podop}mailbox

 # Mails are transported if required, then forwarded to Dovecot for delivery
-relay_domains = ${podop}transport
-transport_maps = ${podop}transport
+# relay_domains = ${podop}transport
+# transport_maps = ${podop}transport
 virtual_transport = lmtp:inet:{{ HOST_LMTP }}

 # In order to prevent Postfix from running DNS query, enforce the use of the
@ -82,15 +83,20 @@ smtpd_sender_login_maps = $virtual_alias_maps
 # Restrictions for incoming SMTP, other restrictions are applied in master.cf
 smtpd_helo_required = yes

-smtpd_recipient_restrictions =
+smtpd_client_restrictions =
  permit_mynetworks,
-  check_sender_access ${podop}spoofed
+  reject_unauth_destination,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_unverified_recipient,
  permit

+smtpd_relay_restrictions =
+  permit_mynetworks,
+  permit_sasl_authenticated,
+  reject
+
 unverified_recipient_reject_reason = Address lookup failure

 ###############
--- a/core/postfix/conf/master.cf
+++ b/core/postfix/conf/master.cf
@ -7,7 +7,7 @@ smtp      inet  n       -       n       -       -       smtpd
 # Internal SMTP service
 10025     inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_recipient_restrictions=reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit
+  -o smtpd_client_restrictions=reject_unlisted_sender,reject_unauth_destination,reject_authenticated_sender_login_mismatch,permit
  -o cleanup_service_name=outclean
 outclean  unix n       -       n       -       0       cleanup
  -o header_checks=pcre:/etc/postfix/outclean_header_filter.cf