Diffstat (limited to 'postfix')
-rwxr-xr-xpostfix/anti-uce.sh19
-rw-r--r--postfix/maps_rbl_domains (renamed from postfix/rbl_lookup_hosts)0
-rw-r--r--postfix/smtpd_recipient_restrictions12
3 files changed, 25 insertions, 6 deletions
diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh
index a06ebac..6eaca24 100755
--- a/postfix/anti-uce.sh
+++ b/postfix/anti-uce.sh
@@ -1,12 +1,19 @@
-#!/bin/sh
+#!/bin/bash
-mapsfile="/etc/local-COMMON/postfix/rbl_lookup_hosts"
-maps=`cat $mapsfile | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/[, ]\+/,/g' -e 's/,$//'`
+set -e
-postconf -e "smtpd_helo_required = no" # Requiring Helo causes false positives, even for local daemons
+paramdir="/etc/local-COMMON/postfix"
+
+function getlinefromfile() {
+ param="$1"
+ echo -n "$param = "
+ cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/[, ]\+/,/g' -e 's/,$//'
+}
+
+postconf -e "smtpd_helo_required = yes"
postconf -e "permit_mx_backup_networks = /etc/local-COMMON/postfix/mx_networks"
-postconf -e "maps_rbl_domains = $maps"
-postconf -e "smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unknown_recipient_domain,reject_unauth_pipelining,permit_mynetworks,permit_mx_backup,reject_unauth_destination,reject_maps_rbl,reject"
+postconf -e "`getlinefromfile maps_rbl_domains`"
+postconf -e "`getlinefromfile smtpd_recipient_restrictions`"
/etc/init.d/postfix reload
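Review bot: A missing or unreadable file under `$paramdir` is not caught by the new `set -e`. In `getlinefromfile` the failing `cat` is the first stage of a pipeline whose status comes from the last `sed`, and the backtick substitution sits inside an argument to `postconf -e`, where its status is discarded. The script would then write `smtpd_recipient_restrictions = ` with an empty value and go on to reload Postfix. Adding `set -o pipefail` after `set -e`, and splitting each call into `line=$(getlinefromfile smtpd_recipient_restrictions)` followed by `postconf -e "$line"`, stops the script before the reload. Quoting `"$paramdir/$param"` and declaring `local param` inside the function would be worth doing in the same pass.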
diff --git a/postfix/rbl_lookup_hosts b/postfix/maps_rbl_domains
index 53ded7c..53ded7c 100644
--- a/postfix/rbl_lookup_hosts
+++ b/postfix/maps_rbl_domains
diff --git a/postfix/smtpd_recipient_restrictions b/postfix/smtpd_recipient_restrictions
new file mode 100644
index 0000000..ec48c9a
--- /dev/null
+++ b/postfix/smtpd_recipient_restrictions
@@ -0,0 +1,12 @@
+reject_invalid_hostname
+#reject_non_fqdn_hostname # These should only be enabled on a true mailhub (even some Debian daemons expect to be able to deliver to localhost)
+#reject_non_fqdn_sender
+#reject_non_fqdn_recipient
+reject_unknown_sender_domain
+reject_unknown_recipient_domain
+reject_unauth_pipelining
+permit_mynetworks
+permit_mx_backup
+reject_unauth_destination
+reject_maps_rbl
+reject # Not really needed, but just to be on the safe side...
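Review bot: Nothing in this file says that line order is significant, yet `anti-uce.sh` flattens it into a comma-separated list that Postfix evaluates left to right, stopping at the first match. As written, `reject_invalid_hostname`, `reject_unknown_sender_domain` and `reject_unknown_recipient_domain` sit above `permit_mynetworks`, so they also apply to clients in `mynetworks`. Whether that is intended cannot be told from the hunk, but the note on the second line about local daemons suggests it deserves a check. A header comment such as `# Order matters: evaluated top to bottom, first match wins; entries above permit_mynetworks also apply to local clients` would keep a later edit from reordering the list by accident.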