install_postfix_advanced.sh: change greylisting to selective greylisting.
This commit is contained in:
parent
458c5353f0
commit
2201dad20f
@ -1025,6 +1025,19 @@ virtual_alias_domains =
|
||||
|
||||
|
||||
#======= Restrictions ============
|
||||
|
||||
## ---
|
||||
## - Define restrictions
|
||||
## ---
|
||||
|
||||
smtpd_restriction_classes = check_greylist
|
||||
check_greylist = check_policy_service inet:127.0.0.1:10023
|
||||
|
||||
|
||||
## ---
|
||||
## - Recipient restrictions
|
||||
## ---
|
||||
|
||||
smtpd_recipient_restrictions =
|
||||
# only special accounts (postmaster, abuse and other rolr accounts)
|
||||
check_recipient_access btree:/etc/postfix/access_recipient-rfc,
|
||||
@ -1055,8 +1068,20 @@ smtpd_recipient_restrictions =
|
||||
# Policyd-Weight
|
||||
#check_policy_service inet:127.0.0.1:12525,
|
||||
# Greylisting check
|
||||
warn_if_reject,
|
||||
check_policy_service inet:127.0.0.1:10023,
|
||||
#
|
||||
# check_policy_service inet:127.0.0.1:10023,
|
||||
#
|
||||
#
|
||||
# Using defined restriction class (see smtpd_restriction_classes):
|
||||
#
|
||||
# greylist all connections:
|
||||
# check_greylist,
|
||||
#
|
||||
# selctive greylisting:
|
||||
# check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
#
|
||||
#warn_if_reject,
|
||||
check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
# Reject the request unless one of the following is true:
|
||||
#
|
||||
# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
|
||||
@ -1075,8 +1100,10 @@ smtpd_recipient_restrictions =
|
||||
permit
|
||||
|
||||
|
||||
## - Sinve version 2.11
|
||||
## -
|
||||
## ---
|
||||
## - Relay Restrictions (since version 2.11)
|
||||
## ---
|
||||
|
||||
smtpd_relay_restrictions =
|
||||
# only special accounts (postmaster, abuse and other rolr accounts)
|
||||
check_recipient_access btree:/etc/postfix/access_recipient-rfc,
|
||||
@ -1106,9 +1133,21 @@ smtpd_relay_restrictions =
|
||||
#reject_rbl_client dnsbl.njabl.org,
|
||||
# Policyd-Weight
|
||||
#check_policy_service inet:127.0.0.1:12525,
|
||||
# Greylisting check
|
||||
warn_if_reject,
|
||||
check_policy_service inet:127.0.0.1:10023,
|
||||
# Greylisting with postgrey
|
||||
#
|
||||
# check_policy_service inet:127.0.0.1:10023,
|
||||
#
|
||||
#
|
||||
# Using defined restriction class (see 'smtpd_restriction_classes'):
|
||||
#
|
||||
# greylist all connections:
|
||||
# check_greylist,
|
||||
#
|
||||
# selctive greylisting:
|
||||
# check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
#
|
||||
#warn_if_reject,
|
||||
check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
# Reject the request unless one of the following is true:
|
||||
#
|
||||
# - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
|
||||
@ -1376,6 +1415,60 @@ else
|
||||
echo_failed
|
||||
fi
|
||||
|
||||
echononl " Create file \"greylist_client_access_pcre\""
|
||||
if [[ ! -f /etc/postfix/greylist_client_access_pcre ]]; then
|
||||
cat <<EOF > /etc/postfix/greylist_client_access_pcre
|
||||
# ---
|
||||
# Check Client Access for greylisting (selective greylisting)
|
||||
# ---
|
||||
#
|
||||
# - Note:
|
||||
# -
|
||||
# - Action 'check_greylist' must be defined by 'smtpd_restriction_classes'
|
||||
# - and also set with an action (check_policy_service inet:127.0.0.1:10023)
|
||||
# - in file /etc/postfix/ main.cf.
|
||||
# -
|
||||
# - Your main.cf may looks like:
|
||||
# -
|
||||
# - smtpd_restriction_classes = check_greylist
|
||||
# - check_greylist = check_policy_service inet:127.0.0.1:10023
|
||||
# -
|
||||
# - smtpd_recipient_restrictions =
|
||||
# - ...
|
||||
# - check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
# - ...
|
||||
# -
|
||||
# - smtpd_relay_restrictions =
|
||||
# - ...
|
||||
# - check_client_access pcre:/etc/postfix/greylist_client_access_pcre,
|
||||
# - ...
|
||||
|
||||
# ---
|
||||
# - For clients matching the following rules greylisting check is applied.
|
||||
# ---
|
||||
|
||||
# unkown clients
|
||||
/^unknown$/ check_greylist
|
||||
|
||||
# everything with 3 or more hyphens in the hostname
|
||||
/(\\-.+){3}$/ check_greylist
|
||||
# everything with 4 or more dots in the hostname
|
||||
/(\\..+){4}$/ check_greylist
|
||||
|
||||
# dialups
|
||||
/(^|[0-9.x_-])(abo|br(e|oa)dband|cabel|(hk)?cablep?|catv|cbl|cidr|d?client2?|cust(omer)?s?|dhcp|dial?(in|up)?|d[iu]p|[asx]?dsld?|dyn(a(dsl|mic)?)?|home|in-addr|modem(cable)?|(di)?pool|ppp|ptr|rev|static|user|YahooBB[0-9]{12}|c[[:alnum:]]{6,}(\\.[a-z]{3})?\\.virtua|[1-9]Cust[0-9]+|AC[A-Z][0-9A-F]{5}\\.ipt|pcp[0-9]{6,}pcs|S0106[[:alnum:]]{12,}\\.[a-z]{2})[0-9.x_-]/ check_greylist
|
||||
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
if ! $IS_RELAY_HOST ; then
|
||||
## - Create Directory '/var/vmail' for virtual mailboxes
|
||||
## -
|
||||
|
||||
Loading…
Reference in New Issue
Block a user