install_postfix_advanced.sh: adjust postfwd configuration.

install_postfix_advanced.sh

@@ -605,17 +605,17 @@ if [[ ! -f "/etc/postfix/postfwd.cf" ]]; then
 
 # Whitelist users
 &&TRUSTED_USERS {
-    sasl_username=file:/etc/postfix/postfwd.wl-user
+    sasl_username==file:/etc/postfix/postfwd.wl-user
 }
 
 # Blacklist users
 &&BLOCK_USERS {
-   sasl_username=file:/etc/postfix/postfwd.bl-user
+   sasl_username==file:/etc/postfix/postfwd.bl-user
 }
 
 # Blacklist sender adresses
 &&BLOCK_SENDER {
-   sender=file:/etc/postfix/postfwd.bl-sender
+   sender==file:/etc/postfix/postfwd.bl-sender
 }
 
 # Inbound emails only
@@ -624,22 +624,30 @@ if [[ ! -f "/etc/postfix/postfwd.cf" ]]; then
 }
 
 
-#======= Rule sets ============
+#======= Rule Sets ============
 
 # Whitelists
 
+# Whitelist sasl users
 id=WHL_USERS
 	&&TRUSTED_USERS
 	action=DUNNO
 
+
 # Blacklist users
+
 id=BL_USERS
    &&BLOCK_USERS
    action=REJECT User is blocked by so36.NET admins. Error: BL_USERS
 
+# Blacklist sender
+#
+#    Claim successful delivery and silently discard the message.
+#
 id=BL_SENDER
    &&BLOCK_SENDER
-   action=REJECT Sender address is blocked by so36.NET admins. Error: BL_SENDER
+   action=DISCARD
+   #action=REJECT Sender address is blocked by so36.NET admins. Error: BL_SENDER
 
 
 # Rate Limits
@@ -655,13 +663,13 @@ id=BLOCK_MSG_RCPT
 id=RATE_MSG
     &&INCOMING
     &&SASL_AUTH
-    action=rate(\$\$sasl_username/50/3600/450 4.7.1 Rate limit number messages per hour exceeded. Error:RATE_MSG)
+    action=rate(\$\$sasl_username/50/3600/450 4.7.1 Number messages per hour exceeded. Error:RATE_MSG)
 
 # Block users sending more than 250 recipients total/hour
 id=RATE_RCPT
     &&INCOMING
     &&SASL_AUTH
-    action=rcpt(\$\$sasl_username/250/3600/450 4.7.1 Rate limit number recipients per hour exceeded. Error:RATE_RCPT)
+    action=rcpt(\$\$sasl_username/250/3600/450 4.7.1 Number recipients per hour exceeded. Error:RATE_RCPT)
 
 EOF
 	if [[ $? -eq 0 ]] ; then
@@ -1225,11 +1233,37 @@ virtual_alias_domains =
 smtpd_restriction_classes = check_greylist
 check_greylist = check_policy_service inet:127.0.0.1:10023
 
+# The time limit for delivery to 'postfwd'
+127.0.0.1:10040_time_limit = 3600
+
+
+## ---
+## smtpd HELO Restrictions
+## ---
+smtpd_helo_restrictions =
+   # Don't talk to mail systems that don't know their own hostname.
+   reject_unknown_helo_hostname
+
+
+## ---
+## - smtpd DATA Restrictions
+## ---
+
+smtpd_data_restrictions =
+   # Block clients that speak too early.
+   reject_unauth_pipelining
+
+smtpd_end_of_data_restrictions =
+   # Check Postfix Firewall Daemon
+   check_policy_service inet:127.0.0.1:10040
+
 
 ## ---
 ## - smtpd Recipient Restrictions
 ## ---
 
+# Applied in the context of a client RCPT TO command, after smtpd_relay_restrictions
+#
 smtpd_recipient_restrictions =
 # only special accounts (postmaster, abuse and other rolr accounts)
    check_recipient_access  btree:/etc/postfix/access_recipient-rfc,
@@ -1238,8 +1272,6 @@ smtpd_recipient_restrictions =
    check_recipient_access btree:/etc/postfix/access_recipient,
 # permit trusted network (mynetwork)
    permit_mynetworks,
-# Check Postfix Firewall Daemon
-   check_policy_service inet:127.0.0.1:10040,
 # permit our users
    permit_sasl_authenticated,
 # dont' accept misconfigured Mail
@@ -1326,6 +1358,9 @@ smtpd_recipient_restrictions =
 ## - smtpd Relay Restrictions (since version 2.11)
 ## ---
 
+# Access restrictions for mail relay control applied in the context of 
+# the RCPT TO command, before smtpd_recipient_restrictions. 
+#
 smtpd_relay_restrictions =
 # only special accounts (postmaster, abuse and other rolr accounts)
    check_recipient_access  btree:/etc/postfix/access_recipient-rfc,
@@ -1334,8 +1369,6 @@ smtpd_relay_restrictions =
    check_recipient_access btree:/etc/postfix/access_recipient,
 # permit trusted network (mynetwork)
    permit_mynetworks,
-# Check Postfix Firewall Daemon
-   check_policy_service inet:127.0.0.1:10040,
 # permit our users
    permit_sasl_authenticated,
 # dont' accept misconfigured Mail