diff options
| -rwxr-xr-x | postfix/anti-uce.sh | 14 | ||||
| -rwxr-xr-x | postfix/purge-spam-from-queue.sh | 7 | ||||
| -rw-r--r-- | postfix/smtpd_recipient_restrictions | 9 |
3 files changed, 19 insertions, 11 deletions
diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh index 6eaca24..2aaf068 100755 --- a/postfix/anti-uce.sh +++ b/postfix/anti-uce.sh @@ -4,22 +4,22 @@ set -e paramdir="/etc/local-COMMON/postfix" -function getlinefromfile() { +function getlinesfromfile() { param="$1" echo -n "$param = " - cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/[, ]\+/,/g' -e 's/,$//' + cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/^[, ]*//' -e 's/[, ]\+/,/g' -e 's/,$//' } postconf -e "smtpd_helo_required = yes" -postconf -e "permit_mx_backup_networks = /etc/local-COMMON/postfix/mx_networks" -postconf -e "`getlinefromfile maps_rbl_domains`" -postconf -e "`getlinefromfile smtpd_recipient_restrictions`" +postconf -e "`getlinesfromfile permit_mx_backup_networks`" +postconf -e "`getlinesfromfile maps_rbl_domains`" +postconf -e "`getlinesfromfile smtpd_recipient_restrictions`" /etc/init.d/postfix reload # Based on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt -# Support fortrusted MX backup networks added -# PCRE stuff avoided,as PCRE is only optional on newest Debian packages +# Support for trusted MX backup networks added +# PCRE stuff avoided, as PCRE is only optional on newest Debian packages # RBLs replaced with those recommended by http://www.antispews.org/ # Here's a convenient overview of different blackholes: diff --git a/postfix/purge-spam-from-queue.sh b/postfix/purge-spam-from-queue.sh new file mode 100755 index 0000000..b03eac3 --- /dev/null +++ b/postfix/purge-spam-from-queue.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +badmails=`mailq | egrep -v '^( |$)' | egrep '@(earthlink\.net|yahoo\.com|excite\.com|hotmail\.com)' | sed 's/[^[:alnum:]].*//'` + +for x in $badmails; do + postsuper -d $x +done diff --git a/postfix/smtpd_recipient_restrictions b/postfix/smtpd_recipient_restrictions index ec48c9a..890db14 100644 --- a/postfix/smtpd_recipient_restrictions +++ b/postfix/smtpd_recipient_restrictions @@ -1,11 +1,12 @@ reject_invalid_hostname -#reject_non_fqdn_hostname # These should only be enabled on a true mailhub (even some Debian daemons expect to be able to deliver to localhost) -#reject_non_fqdn_sender -#reject_non_fqdn_recipient +permit_mynetworks # Move this below FQDN-checks on a "true mailhub" - some Debian daemons send to localhost +reject_non_fqdn_hostname +reject_non_fqdn_sender +reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain reject_unauth_pipelining -permit_mynetworks +#permit_mynetworks # Moved to top to allow Debian daemons sending to localhost permit_mx_backup reject_unauth_destination reject_maps_rbl |