From c12c8c381b2286f4531384e3344e333790118115 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Wed, 11 Dec 2002 15:58:22 +0000 Subject: Include MX backup hosts directly in config file (instead of referring to file in /etc/local-COMMON/). Rename MX backup hosts file to be in line with other options (but leave the old file in place for now). Rename function to getlineSfromfile. Minor typos in comments. Strip leading comma. Enable FQDN checks again - but first allow localdomains through (to allow Debian daemons sending to default domain). --- postfix/anti-uce.sh | 14 +++++++------- postfix/purge-spam-from-queue.sh | 7 +++++++ postfix/smtpd_recipient_restrictions | 9 +++++---- 3 files changed, 19 insertions(+), 11 deletions(-) create mode 100755 postfix/purge-spam-from-queue.sh diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh index 6eaca24..2aaf068 100755 --- a/postfix/anti-uce.sh +++ b/postfix/anti-uce.sh @@ -4,22 +4,22 @@ set -e paramdir="/etc/local-COMMON/postfix" -function getlinefromfile() { +function getlinesfromfile() { param="$1" echo -n "$param = " - cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/[, ]\+/,/g' -e 's/,$//' + cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/^[, ]*//' -e 's/[, ]\+/,/g' -e 's/,$//' } postconf -e "smtpd_helo_required = yes" -postconf -e "permit_mx_backup_networks = /etc/local-COMMON/postfix/mx_networks" -postconf -e "`getlinefromfile maps_rbl_domains`" -postconf -e "`getlinefromfile smtpd_recipient_restrictions`" +postconf -e "`getlinesfromfile permit_mx_backup_networks`" +postconf -e "`getlinesfromfile maps_rbl_domains`" +postconf -e "`getlinesfromfile smtpd_recipient_restrictions`" /etc/init.d/postfix reload # Based on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt -# Support fortrusted MX backup networks added -# PCRE stuff avoided,as PCRE is only optional on newest Debian packages +# Support for trusted MX backup networks added +# PCRE stuff avoided, as PCRE is only optional on newest Debian packages # RBLs replaced with those recommended by http://www.antispews.org/ # Here's a convenient overview of different blackholes: diff --git a/postfix/purge-spam-from-queue.sh b/postfix/purge-spam-from-queue.sh new file mode 100755 index 0000000..b03eac3 --- /dev/null +++ b/postfix/purge-spam-from-queue.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +badmails=`mailq | egrep -v '^( |$)' | egrep '@(earthlink\.net|yahoo\.com|excite\.com|hotmail\.com)' | sed 's/[^[:alnum:]].*//'` + +for x in $badmails; do + postsuper -d $x +done diff --git a/postfix/smtpd_recipient_restrictions b/postfix/smtpd_recipient_restrictions index ec48c9a..890db14 100644 --- a/postfix/smtpd_recipient_restrictions +++ b/postfix/smtpd_recipient_restrictions @@ -1,11 +1,12 @@ reject_invalid_hostname -#reject_non_fqdn_hostname # These should only be enabled on a true mailhub (even some Debian daemons expect to be able to deliver to localhost) -#reject_non_fqdn_sender -#reject_non_fqdn_recipient +permit_mynetworks # Move this below FQDN-checks on a "true mailhub" - some Debian daemons send to localhost +reject_non_fqdn_hostname +reject_non_fqdn_sender +reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain reject_unauth_pipelining -permit_mynetworks +#permit_mynetworks # Moved to top to allow Debian daemons sending to localhost permit_mx_backup reject_unauth_destination reject_maps_rbl -- cgit v1.2.3