install_postfix_advanced.sh: add SPF sender whitelist configuration
This commit is contained in:
@@ -36,9 +36,52 @@ openssl s_client -crlf -connect ${mailserver}:993
|
||||
openssl s_client -crlf -starttls imap -connect ${mailserver}:143
|
||||
|
||||
|
||||
# Force IPv4
|
||||
openssl s_client -crlf -starttls smtp -4 -connect ${mailserver}:25 [-state -debug]
|
||||
openssl s_client -crlf -starttls smtp -4 -connect ${mailserver}:587
|
||||
openssl s_client -crlf -4 -connect ${mailserver}:465
|
||||
openssl s_client -crlf -4 -connect ${mailserver}:995
|
||||
openssl s_client -crlf -starttls pop3 -4 -connect ${mailserver}:110
|
||||
openssl s_client -crlf -4 -connect ${mailserver}:993
|
||||
openssl s_client -crlf -starttls imap -4 -connect ${mailserver}:143
|
||||
|
||||
|
||||
# Test RSA based TLS connection
|
||||
#
|
||||
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp -tls1_2
|
||||
echo "quit" | openssl s_client -connect ${mailserver}:25 -starttls smtp
|
||||
|
||||
|
||||
# ---
|
||||
|
||||
|
||||
# Test tracerout TCP
|
||||
#
|
||||
# allgemein:
|
||||
traceroute -T mail.oopen.de
|
||||
|
||||
# speziell die mailuser ports:
|
||||
traceroute -T -p 587 mail.oopen.de
|
||||
traceroute -T -p 465 mail.oopen.de
|
||||
traceroute -T -p 110 mail.oopen.de
|
||||
traceroute -T -p 995 mail.oopen.de
|
||||
traceroute -T -p 143 mail.oopen.de
|
||||
traceroute -T -p 993 mail.oopen.de
|
||||
|
||||
|
||||
# Force IPv4
|
||||
|
||||
# allgemein:
|
||||
traceroute -4 -T mail.oopen.de
|
||||
|
||||
# speziell die mailuser ports:
|
||||
traceroute -4 -T -p 587 mail.oopen.de
|
||||
traceroute -4 -T -p 465 mail.oopen.de
|
||||
traceroute -4 -T -p 110 mail.oopen.de
|
||||
traceroute -4 -T -p 995 mail.oopen.de
|
||||
traceroute -4 -T -p 143 mail.oopen.de
|
||||
traceroute -4 -T -p 993 mail.oopen.de
|
||||
|
||||
|
||||
|
||||
@@ -2932,6 +2932,7 @@ if [[ -n "$(which policyd-spf)" ]] ; then
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
# Check Postfix policy service ..
|
||||
#
|
||||
check_client_access btree:/etc/postfix/spf_sender_whitelist
|
||||
check_policy_service unix:private/policy-spf
|
||||
EOF
|
||||
fi
|
||||
@@ -3495,6 +3496,25 @@ else
|
||||
echo_failed
|
||||
fi
|
||||
|
||||
if [[ -n "$(which policyd-spf)" ]] ; then
|
||||
_file="/etc/postfix/spf_sender_whitelist"
|
||||
echononl " Create file \"${_file}\""
|
||||
cat <<EOF > ${_file}
|
||||
# (Sender) Whitelist from SPF (polidy-spf)
|
||||
|
||||
# All mails from domain 'domain-robot.org' (including subdomains)
|
||||
domain-robot.org OK
|
||||
EOF
|
||||
|
||||
postmap btree:${_file}
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
echononl " Create file \"client_allow_relay\""
|
||||
if [[ ! -f "/etc/postfix/client_allow_relay" ]]; then
|
||||
cat <<EOF > /etc/postfix/client_allow_relay
|
||||
|
||||
Reference in New Issue
Block a user