From d92941ed96d22376b6aaf426fe1a3e69bc22ee7c Mon Sep 17 00:00:00 2001
From: Christoph
Date: Fri, 19 Jun 2026 11:46:17 +0200
Subject: [PATCH] install_postfix_advanced.sh: add SPF sender whitelist configuration
---
DOC/README.test_mailprotocols | 43 +++++++++++++++++++++++++++++++++++
install_postfix_advanced.sh | 20 ++++++++++++++++
2 files changed, 63 insertions(+)
diff --git a/DOC/README.test_mailprotocols b/DOC/README.test_mailprotocols
index 59778ff..302eb82 100644
--- a/DOC/README.test_mailprotocols
+++ b/DOC/README.test_mailprotocols
@@ -36,9 +36,52 @@ openssl s_client -crlf -connect ${mailserver}:993 openssl s_client -crlf -starttls imap -connect ${mailserver}:143 +# Force IPv4 +openssl s_client -crlf -starttls smtp -4 -connect ${mailserver}:25 [-state -debug] +openssl s_client -crlf -starttls smtp -4 -connect ${mailserver}:587 +openssl s_client -crlf -4 -connect ${mailserver}:465 +openssl s_client -crlf -4 -connect ${mailserver}:995 +openssl s_client -crlf -starttls pop3 -4 -connect ${mailserver}:110 +openssl s_client -crlf -4 -connect ${mailserver}:993 +openssl s_client -crlf -starttls imap -4 -connect ${mailserver}:143 + + # Test RSA based TLS connection # echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp + + +# --- + + +# Test tracerout TCP +# +# allgemein: +traceroute -T mail.oopen.de + +# speziell die mailuser ports: +traceroute -T -p 587 mail.oopen.de +traceroute -T -p 465 mail.oopen.de +traceroute -T -p 110 mail.oopen.de +traceroute -T -p 995 mail.oopen.de +traceroute -T -p 143 mail.oopen.de +traceroute -T -p 993 mail.oopen.de + + +# Force IPv4 + +# allgemein: +traceroute -4 -T mail.oopen.de + +# speziell die mailuser ports: +traceroute -4 -T -p 587 mail.oopen.de +traceroute -4 -T -p 465 mail.oopen.de +traceroute -4 -T -p 110 mail.oopen.de +traceroute -4 -T -p 995 mail.oopen.de +traceroute -4 -T -p 143 mail.oopen.de +traceroute -4 -T -p 993 mail.oopen.de + + diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh index 8dbc9ff..f1b61a0 100755 --- a/install_postfix_advanced.sh +++ b/install_postfix_advanced.sh @@ -2932,6 +2932,7 @@ if [[ -n "$(which policyd-spf)" ]] ; then cat <> /etc/postfix/main.cf # Check Postfix policy service .. # + check_client_access btree:/etc/postfix/spf_sender_whitelist check_policy_service unix:private/policy-spf EOF fi 
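Review bot: The added `check_client_access btree:/etc/postfix/spf_sender_whitelist` in the hunk at -2932 looks up the connecting client's hostname and address, not the envelope sender, so the "sender whitelist" name promises a match this line never performs. That is the safer lookup to keep, because the envelope sender is chosen by the remote side, but the table should be named and commented for what it does, e.g. `# Client (hostname/IP) exemptions from the SPF policy check`. An `OK` result also ends evaluation of the restriction list this line sits in, and that list starts outside the hunk, so please confirm that no check follows `check_policy_service` there which exempted clients should still have to pass. If the goal is only to skip SPF for a domain, policyd-spf's own `Domain_Whitelist` setting in policyd-spf.conf would keep the exemption inside the SPF check itself.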
@@ -3495,6 +3496,25 @@ else echo_failed fi +if [[ -n "$(which policyd-spf)" ]] ; then + _file="/etc/postfix/spf_sender_whitelist" + echononl " Create file \"${_file}\"" + cat < ${_file} +# (Sender) Whitelist from SPF (polidy-spf) + +# All mails from domain 'domain-robot.org' (including subdomains) +domain-robot.org OK +EOF + + postmap btree:${_file} + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + fi + +fi + echononl " Create file \"client_allow_relay\"" if [[ ! -f "/etc/postfix/client_allow_relay" ]]; then cat < /etc/postfix/client_allow_relay
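Review bot: The new block rewrites `/etc/postfix/spf_sender_whitelist` on every run and always puts `domain-robot.org OK` into it, so every host installed with this script exempts that third-party domain from the SPF check and any local edits to the table are lost on a re-run. Guard the write the way the `client_allow_relay` block right below it does, `if [[ ! -f "${_file}" ]]; then`, and take the domain from the script's configuration or ship the entry commented out as an example. A failed `postmap` only prints `echo_failed` while the main.cf hunk at -2932 already references the btree map, which presumably leaves smtpd with a table it cannot open; testing the command directly with quoting, `if postmap "btree:${_file}" ; then`, and stopping on failure would make that visible. The table comment also has a typo, `polidy-spf` for `policyd-spf`.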