install_postfix_advanced.sh: add SPF sender whitelist configuration

2026-06-19 11:46:17 +02:00
parent b99844c1b5
commit d92941ed96
2 changed files with 63 additions and 0 deletions
+43
@@ -36,9 +36,52 @@ openssl s_client -crlf -connect ${mailserver}:993
openssl s_client -crlf -starttls imap -connect ${mailserver}:143 openssl s_client -crlf -starttls imap -connect ${mailserver}:143
# Force IPv4
openssl s_client -crlf -starttls smtp -4 -connect ${mailserver}:25 [-state -debug]
openssl s_client -crlf -starttls smtp -4 -connect ${mailserver}:587
openssl s_client -crlf -4 -connect ${mailserver}:465
openssl s_client -crlf -4 -connect ${mailserver}:995
openssl s_client -crlf -starttls pop3 -4 -connect ${mailserver}:110
openssl s_client -crlf -4 -connect ${mailserver}:993
openssl s_client -crlf -starttls imap -4 -connect ${mailserver}:143
# Test RSA based TLS connection # Test RSA based TLS connection
# #
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp
# ---
# Test tracerout TCP
#
# allgemein:
traceroute -T mail.oopen.de
# speziell die mailuser ports:
traceroute -T -p 587 mail.oopen.de
traceroute -T -p 465 mail.oopen.de
traceroute -T -p 110 mail.oopen.de
traceroute -T -p 995 mail.oopen.de
traceroute -T -p 143 mail.oopen.de
traceroute -T -p 993 mail.oopen.de
# Force IPv4
# allgemein:
traceroute -4 -T mail.oopen.de
# speziell die mailuser ports:
traceroute -4 -T -p 587 mail.oopen.de
traceroute -4 -T -p 465 mail.oopen.de
traceroute -4 -T -p 110 mail.oopen.de
traceroute -4 -T -p 995 mail.oopen.de
traceroute -4 -T -p 143 mail.oopen.de
traceroute -4 -T -p 993 mail.oopen.de
+20
@@ -2932,6 +2932,7 @@ if [[ -n "$(which policyd-spf)" ]] ; then
cat <<EOF >> /etc/postfix/main.cf cat <<EOF >> /etc/postfix/main.cf
# Check Postfix policy service .. # Check Postfix policy service ..
# #
check_client_access btree:/etc/postfix/spf_sender_whitelist
check_policy_service unix:private/policy-spf check_policy_service unix:private/policy-spf
EOF EOF
fi fi
@@ -3495,6 +3496,25 @@ else
echo_failed echo_failed
fi fi
if [[ -n "$(which policyd-spf)" ]] ; then
_file="/etc/postfix/spf_sender_whitelist"
echononl " Create file \"${_file}\""
cat <<EOF > ${_file}
# (Sender) Whitelist from SPF (polidy-spf)
# All mails from domain 'domain-robot.org' (including subdomains)
domain-robot.org OK
EOF
postmap btree:${_file}
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
fi
echononl " Create file \"client_allow_relay\"" echononl " Create file \"client_allow_relay\""
if [[ ! -f "/etc/postfix/client_allow_relay" ]]; then if [[ ! -f "/etc/postfix/client_allow_relay" ]]; then
cat <<EOF > /etc/postfix/client_allow_relay cat <<EOF > /etc/postfix/client_allow_relay
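Review bot: The `check_client_access btree:/etc/postfix/spf_sender_whitelist` line added in the first hunk looks up the connecting client's hostname or IP address, not the envelope sender, yet the file name and the header comment written in the second hunk both call it a sender whitelist. An `OK` result from an access table also ends evaluation of the enclosing restriction list, so a match skips every restriction after it and not only `check_policy_service unix:private/policy-spf`; which list this is and where it sits relative to `reject_unauth_destination` is outside the hunk and should be confirmed. I would keep the client-based lookup, since a MAIL FROM based one would exempt any message that merely claims the domain, and correct the comment to something like `# Client whitelist for SPF (policyd-spf): matched against the client hostname, not MAIL FROM`. The second hunk also rewrites the file on every run through `cat <<EOF > ${_file}`, unlike the `client_allow_relay` block after it, which is guarded by `[[ ! -f ... ]]`, so local additions are lost on a re-run.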