diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index 0674546..e89687e 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh @@ -605,17 +605,17 @@ if [[ ! -f "/etc/postfix/postfwd.cf" ]]; then # Whitelist users &&TRUSTED_USERS { - sasl_username=file:/etc/postfix/postfwd.wl-user + sasl_username==file:/etc/postfix/postfwd.wl-user } # Blacklist users &&BLOCK_USERS { - sasl_username=file:/etc/postfix/postfwd.bl-user + sasl_username==file:/etc/postfix/postfwd.bl-user } # Blacklist sender adresses &&BLOCK_SENDER { - sender=file:/etc/postfix/postfwd.bl-sender + sender==file:/etc/postfix/postfwd.bl-sender } # Inbound emails only @@ -624,22 +624,30 @@ if [[ ! -f "/etc/postfix/postfwd.cf" ]]; then } -#======= Rule sets ============ +#======= Rule Sets ============ # Whitelists +# Whitelist sasl users id=WHL_USERS &&TRUSTED_USERS action=DUNNO + # Blacklist users + id=BL_USERS &&BLOCK_USERS action=REJECT User is blocked by so36.NET admins. Error: BL_USERS +# Blacklist sender +# +# Claim successful delivery and silently discard the message. +# id=BL_SENDER &&BLOCK_SENDER - action=REJECT Sender address is blocked by so36.NET admins. Error: BL_SENDER + action=DISCARD + #action=REJECT Sender address is blocked by so36.NET admins. Error: BL_SENDER # Rate Limits @@ -655,13 +663,13 @@ id=BLOCK_MSG_RCPT id=RATE_MSG &&INCOMING &&SASL_AUTH - action=rate(\$\$sasl_username/50/3600/450 4.7.1 Rate limit number messages per hour exceeded. Error:RATE_MSG) + action=rate(\$\$sasl_username/50/3600/450 4.7.1 Number messages per hour exceeded. Error:RATE_MSG) # Block users sending more than 250 recipients total/hour id=RATE_RCPT &&INCOMING &&SASL_AUTH - action=rcpt(\$\$sasl_username/250/3600/450 4.7.1 Rate limit number recipients per hour exceeded. Error:RATE_RCPT) + action=rcpt(\$\$sasl_username/250/3600/450 4.7.1 Number recipients per hour exceeded. Error:RATE_RCPT) EOF if [[ $? -eq 0 ]] ; then 
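Review bot: The three list macros (TRUSTED_USERS, BLOCK_USERS, BLOCK_SENDER) switch from `=` to `==` with no comment explaining why, so a later edit could easily revert it. As far as I know, postfwd's plain `=` uses the item's default comparison, which for attributes such as `sasl_username` and `sender` is a pattern match, so list entries would be read as patterns rather than literal addresses; please confirm against the postfwd manual. I would add above the first macro `# '==' forces an exact compare; entries in the postfwd.* list files are literal values, not patterns`. The heredoc holding these macros starts and ends outside this hunk.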
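Review bot: With `action=DISCARD` in BL_SENDER, a hit gives no signal to the sender or to the intended recipients, so a wrong or overly broad entry in postfwd.bl-sender loses mail silently. The match is on the envelope sender, which the client chooses, and the rule as shown is not combined with `&&SASL_AUTH` or `&&INCOMING`, so it appears to apply to every message that reaches the policy service. Postfix documents DISCARD as affecting all recipients of the message. I would extend the new comment block with `# DISCARD drops the message for all recipients and the sender gets no error;` and `# review hits for rule id BL_SENDER in the postfwd log`. Whether BL_SENDER should be limited to authenticated submissions is worth deciding explicitly.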
@@ -1225,11 +1233,37 @@ virtual_alias_domains = smtpd_restriction_classes = check_greylist check_greylist = check_policy_service inet:127.0.0.1:10023 +# The time limit for delivery to 'postfwd' +127.0.0.1:10040_time_limit = 3600 + + +## --- +## smtpd HELO Restrictions +## --- +smtpd_helo_restrictions = + # Don't talk to mail systems that don't know their own hostname. + reject_unknown_helo_hostname + + +## --- +## - smtpd DATA Restrictions +## --- + +smtpd_data_restrictions = + # Block clients that speak too early. + reject_unauth_pipelining + +smtpd_end_of_data_restrictions = + # Check Postfix Firewall Daemon + check_policy_service inet:127.0.0.1:10040 + ## --- ## - smtpd Recipient Restrictions ## --- +# Applied in the context of a client RCPT TO command, after smtpd_relay_restrictions +# smtpd_recipient_restrictions = # only special accounts (postmaster, abuse and other rolr accounts) check_recipient_access btree:/etc/postfix/access_recipient-rfc, @@ -1238,8 +1272,6 @@ smtpd_recipient_restrictions = check_recipient_access btree:/etc/postfix/access_recipient, # permit trusted network (mynetwork) permit_mynetworks, -# Check Postfix Firewall Daemon - check_policy_service inet:127.0.0.1:10040, # permit our users permit_sasl_authenticated, # dont' accept misconfigured Mail @@ -1326,6 +1358,9 @@ smtpd_recipient_restrictions = ## - smtpd Relay Restrictions (since version 2.11) ## --- +# Access restrictions for mail relay control applied in the context of +# the RCPT TO command, before smtpd_recipient_restrictions. +# smtpd_relay_restrictions = # only special accounts (postmaster, abuse and other rolr accounts) check_recipient_access btree:/etc/postfix/access_recipient-rfc, 
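Review bot: `smtpd_helo_restrictions` lists only `reject_unknown_helo_hostname`, with no exemption for trusted or authenticated clients. Mail programs that announce a private or unresolvable hostname in HELO would then be refused even after SASL login, unless the submission service overrides this in master.cf, which is not visible here. The usual order is `permit_mynetworks,` `permit_sasl_authenticated,` `reject_unknown_helo_hostname`, matching the permits already used in `smtpd_recipient_restrictions`. The check can also be sidestepped by a client that sends no HELO unless `smtpd_helo_required = yes` is set, and that setting is not in this hunk. Separately, `check_policy_service inet:127.0.0.1:10040` under `smtpd_end_of_data_restrictions` is no longer preceded by `permit_mynetworks`, so the postfwd rules now also apply to mail from trusted networks; a short comment saying that this is intended would help.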
@@ -1334,8 +1369,6 @@ smtpd_relay_restrictions = check_recipient_access btree:/etc/postfix/access_recipient, # permit trusted network (mynetwork) permit_mynetworks, -# Check Postfix Firewall Daemon - check_policy_service inet:127.0.0.1:10040, # permit our users permit_sasl_authenticated, # dont' accept misconfigured Mail