From 56c7578b33e8c56dbbd0f53e6c4e52cab0f0b7db Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Tue, 29 Aug 2006 20:57:52 +0000
Subject: Enable greylisting, or fail hard if postgrey not installed.
---
 postfix/postfix.sh | 14 ++++++++++++--
 postfix/smtpd_recipient_restrictions | 10 +++++-----
 2 files changed, 17 insertions(+), 7 deletions(-) (limited to 'postfix')
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 370570b..c04d773 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -3,7 +3,7 @@
 # /etc/local-COMMON/postfix/postfix.sh
 # Copyright 2002-2004 Jonas Smedegaard
 #
-# $Id: postfix.sh,v 1.31 2006-02-10 10:31:18 jonas Exp $
+# $Id: postfix.sh,v 1.32 2006-08-29 20:57:52 jonas Exp $
 #
 # Auto-tweak plain installed postfix Debian package
 #
@@ -36,6 +36,16 @@ else
 echo " (on Debian: install the package postfix-tls)"
 fi
 # FIXME: We really want to check for at least 2.1.1 but that's tricky...
+postgrey=
+if [ -x /usr/sbin/postgrey ]; then
+ # FIXME: Use this somehow, and only warn below
+ postgrey=1
+else
+ echo "ERROR: Greylisting support missing."
+ echo " (on Debian: install the package postgrey)"
+ exit 1
+fi
+# FIXME: We really want to check for at least 2.1.1 but that's tricky...
 sasl2=
 if saslauthd -v 2>&1 | grep -q '^saslauthd 2.1'; then
 sasl2=1
@@ -78,7 +88,7 @@ function getlinesfromfile() {
 replacements="$replacements;s/$oldparam/$newstring/"
 done
 echo -n "$param = "
- cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr '\n' ',' | sed -e 's/^[, ]*//;s/[, ]\+/,/g' -e "s/,\$//$replacements"
+ cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr '\n' ',' | sed -e 's/^[, ]*//;s/[, ]\+/,/g' -e 's/\$/ /g' -e "s/,\$//$replacements"
 }
 # Inspired by D. J. Bernstein: http://cr.yp.to/smtp/greeting.html
diff --git a/postfix/smtpd_recipient_restrictions b/postfix/smtpd_recipient_restrictions
index 8681d7d..241c975 100644
--- a/postfix/smtpd_recipient_restrictions
+++ b/postfix/smtpd_recipient_restrictions
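Review bot: The postgrey test added in the `@@ -36,6 +36,16 @@` hunk of postfix/postfix.sh only establishes that `/usr/sbin/postgrey` is executable, not that a policy daemon is answering on the address the restrictions file now passes to `check_policy_service`. With the package installed but the daemon stopped the script still succeeds, and Postfix then answers recipients with a temporary error until the service is back, so the block should either say so in a comment or probe the listener. The copied `# FIXME: We really want to check for at least 2.1.1 ...` line now sits both above the postgrey block and above `sasl2=`, although the version it names appears to be saslauthd's; keep one copy, directly above the saslauthd test. The two messages would be better on stderr, e.g. `echo "ERROR: Greylisting support missing." >&2`.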
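Review bot: In the `@@ -78,7 +88,7 @@` hunk of postfix/postfix.sh, the added `-e 's/\$/ /g'` rewrites every `$` in the joined value of every parameter file that goes through getlinesfromfile, not only the `check_policy_service$inet:...` entry it was introduced for. Any file under `$paramdir` that carries a Postfix `$name` reference (for example `$myhostname`) would silently lose the `$` and change meaning; whether such files exist is not visible on this page. A placeholder that cannot occur in Postfix values, or limiting the substitution to the restriction-list files, would avoid that, and the convention needs a comment above the pipeline such as `# '$' in a parameter file stands for a space: lines are comma-joined, so literal spaces are lost`. getlinesfromfile begins above the hunk.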
@@ -3,15 +3,15 @@
 #
 # Used by tweak script postfix.sh
 #
-# $Id: smtpd_recipient_restrictions,v 1.7 2006-07-26 17:50:18 jonas Exp $
+# $Id: smtpd_recipient_restrictions,v 1.8 2006-08-29 20:57:52 jonas Exp $
 #
 reject_unknown_recipient_domain
-permit_mynetworks # Move this below FQDN-checks on a "true mailhub" - some Debian daemons send to "localhost"
-permit_sasl_authenticated # Silently ignored if TLS not in use
+permit_mynetworks # Move this below FQDN-checks on a "true mailhub" - some Debian daemons send to "localhost"
+permit_sasl_authenticated # Silently ignored if TLS not in use
 reject_non_fqdn_recipient
 permit_mx_backup
 reject_unauth_destination
-#check_policy_service inet:127.0.0.1:60000 # Activate greylisting (do it manually for now - spaces not supported here... :-( )
-reject_maps_rbl # Activate Realtime Blackhole Lists (with Postfix 2.x, expanded to content of file maps_rbl_domains)
+check_policy_service$inet:127.0.0.1:60000 # Activate greylisting (if installed on system, else fail!)
+reject_maps_rbl # Activate Realtime Blackhole Lists (with Postfix 2.x, expanded to content of file maps_rbl_domains)
 permit
-- cgit v1.2.3
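Review bot: `check_policy_service$inet:127.0.0.1:60000` makes Postfix act on the verdict of whatever process answers on loopback TCP port 60000, and that port is unprivileged, so any local account can bind it whenever postgrey is not running. The check this commit adds to postfix.sh tests only that `/usr/sbin/postgrey` is executable. A UNIX-domain socket in a directory that only postfix and postgrey can reach (postgrey's `--unix=` option, referenced here as `check_policy_service$unix:<socket path>`) removes that exposure; how postgrey is started is not shown on this page. The trailing comment should also record the placeholder convention the old comment hinted at, e.g. `# '$' is turned into a space by postfix.sh (literal spaces are not supported here)`.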