install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install_postfix_advanced.sh: adjust postfwd configuration.

Browse Source
This commit is contained in:
Christoph 2018-11-27 01:46:59 +01:00
parent 823b78ff5c
commit c96b9b1096
1 changed files with 44 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
install_postfix_advanced.sh
View File

@ -605,17 +605,17 @@ if [[ ! -f "/etc/postfix/postfwd.cf" ]]; then
# Whitelist users # Whitelist users
&&TRUSTED_USERS { &&TRUSTED_USERS {
sasl_username=file:/etc/postfix/postfwd.wl-user sasl_username==file:/etc/postfix/postfwd.wl-user
} }
# Blacklist users # Blacklist users
&&BLOCK_USERS { &&BLOCK_USERS {
sasl_username=file:/etc/postfix/postfwd.bl-user sasl_username==file:/etc/postfix/postfwd.bl-user
} }
# Blacklist sender adresses # Blacklist sender adresses
&&BLOCK_SENDER { &&BLOCK_SENDER {
sender=file:/etc/postfix/postfwd.bl-sender sender==file:/etc/postfix/postfwd.bl-sender
} }
# Inbound emails only # Inbound emails only
@ -624,22 +624,30 @@ if [[ ! -f "/etc/postfix/postfwd.cf" ]]; then
} }
#======= Rule sets ============ #======= Rule Sets ============
# Whitelists # Whitelists
# Whitelist sasl users
id=WHL_USERS id=WHL_USERS
&&TRUSTED_USERS &&TRUSTED_USERS
action=DUNNO action=DUNNO
# Blacklist users # Blacklist users
id=BL_USERS id=BL_USERS
&&BLOCK_USERS &&BLOCK_USERS
action=REJECT User is blocked by so36.NET admins. Error: BL_USERS action=REJECT User is blocked by so36.NET admins. Error: BL_USERS
# Blacklist sender
#
# Claim successful delivery and silently discard the message.
#
id=BL_SENDER id=BL_SENDER
&&BLOCK_SENDER &&BLOCK_SENDER
action=REJECT Sender address is blocked by so36.NET admins. Error: BL_SENDER action=DISCARD
#action=REJECT Sender address is blocked by so36.NET admins. Error: BL_SENDER
# Rate Limits # Rate Limits
@ -655,13 +663,13 @@ id=BLOCK_MSG_RCPT
id=RATE_MSG id=RATE_MSG
&&INCOMING &&INCOMING
&&SASL_AUTH &&SASL_AUTH
action=rate(\$\$sasl_username/50/3600/450 4.7.1 Rate limit number messages per hour exceeded. Error:RATE_MSG) action=rate(\$\$sasl_username/50/3600/450 4.7.1 Number messages per hour exceeded. Error:RATE_MSG)
# Block users sending more than 250 recipients total/hour # Block users sending more than 250 recipients total/hour
id=RATE_RCPT id=RATE_RCPT
&&INCOMING &&INCOMING
&&SASL_AUTH &&SASL_AUTH
action=rcpt(\$\$sasl_username/250/3600/450 4.7.1 Rate limit number recipients per hour exceeded. Error:RATE_RCPT) action=rcpt(\$\$sasl_username/250/3600/450 4.7.1 Number recipients per hour exceeded. Error:RATE_RCPT)
EOF EOF
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
@ -1225,11 +1233,37 @@ virtual_alias_domains =
smtpd_restriction_classes = check_greylist smtpd_restriction_classes = check_greylist
check_greylist = check_policy_service inet:127.0.0.1:10023 check_greylist = check_policy_service inet:127.0.0.1:10023
# The time limit for delivery to 'postfwd'
127.0.0.1:10040_time_limit = 3600
## ---
## smtpd HELO Restrictions
## ---
smtpd_helo_restrictions =
# Don't talk to mail systems that don't know their own hostname.
reject_unknown_helo_hostname
## ---
## - smtpd DATA Restrictions
## ---
smtpd_data_restrictions =
# Block clients that speak too early.
reject_unauth_pipelining
smtpd_end_of_data_restrictions =
# Check Postfix Firewall Daemon
check_policy_service inet:127.0.0.1:10040
## --- ## ---
## - smtpd Recipient Restrictions ## - smtpd Recipient Restrictions
## --- ## ---
# Applied in the context of a client RCPT TO command, after smtpd_relay_restrictions
#
smtpd_recipient_restrictions = smtpd_recipient_restrictions =
# only special accounts (postmaster, abuse and other rolr accounts) # only special accounts (postmaster, abuse and other rolr accounts)
check_recipient_access btree:/etc/postfix/access_recipient-rfc, check_recipient_access btree:/etc/postfix/access_recipient-rfc,
@ -1238,8 +1272,6 @@ smtpd_recipient_restrictions =
check_recipient_access btree:/etc/postfix/access_recipient, check_recipient_access btree:/etc/postfix/access_recipient,
# permit trusted network (mynetwork) # permit trusted network (mynetwork)
permit_mynetworks, permit_mynetworks,
# Check Postfix Firewall Daemon
check_policy_service inet:127.0.0.1:10040,
# permit our users # permit our users
permit_sasl_authenticated, permit_sasl_authenticated,
# dont' accept misconfigured Mail # dont' accept misconfigured Mail
@ -1326,6 +1358,9 @@ smtpd_recipient_restrictions =
## - smtpd Relay Restrictions (since version 2.11) ## - smtpd Relay Restrictions (since version 2.11)
## --- ## ---
# Access restrictions for mail relay control applied in the context of
# the RCPT TO command, before smtpd_recipient_restrictions.
#
smtpd_relay_restrictions = smtpd_relay_restrictions =
# only special accounts (postmaster, abuse and other rolr accounts) # only special accounts (postmaster, abuse and other rolr accounts)
check_recipient_access btree:/etc/postfix/access_recipient-rfc, check_recipient_access btree:/etc/postfix/access_recipient-rfc,
@ -1334,8 +1369,6 @@ smtpd_relay_restrictions =
check_recipient_access btree:/etc/postfix/access_recipient, check_recipient_access btree:/etc/postfix/access_recipient,
# permit trusted network (mynetwork) # permit trusted network (mynetwork)
permit_mynetworks, permit_mynetworks,
# Check Postfix Firewall Daemon
check_policy_service inet:127.0.0.1:10040,
# permit our users # permit our users
permit_sasl_authenticated, permit_sasl_authenticated,
# dont' accept misconfigured Mail # dont' accept misconfigured Mail