From 6cc2275d54defcf020891dcbd76c6cc2e18d0544 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Thu, 8 Oct 2020 17:01:43 +0200
Subject: modernize filter settings - specifically receive_override_options;
 fix disable filter when amavis unavailabe

---
 postfix/postfix.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'postfix')

diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 0c306d7..00d0f48 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -345,10 +345,11 @@ EOF
 	-o smtpd_hard_error_limit=1000
 	-o smtpd_client_connection_count_limit=0
 	-o smtpd_client_connection_rate_limit=0
-	-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+	-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
 EOF
 	if [ -n "$dkimproxy" ]; then
 		$postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10028'
+		$postconf -c "$tempdir" -e receive_override_options=no_address_mappings
 		addoroverwritewithindents $tempdir/master.cf '^submission\h' << EOF
 submission inet	n	-	n	-	-	smtpd
 	-o syslog_name=postfix/submission
@@ -369,7 +370,7 @@ EOF
 		addoroverwritewithindents $tempdir/master.cf '^127\.0\.0\.1:10029\h' << EOF
 127.0.0.1:10029 inet n	-	n	-	-	smtpd
 	-o content_filter=
-	-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
+	-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
 	-o smtpd_helo_restrictions=
 	-o smtpd_client_restrictions=
 	-o smtpd_sender_restrictions=
@@ -379,6 +380,7 @@ EOF
 EOF
 	else
 		$postconf -c "$tempdir" -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
+		$postconf -c "$tempdir" -e 'receive_override_options = no_address_mappings'
 		addoroverwritewithindents $tempdir/master.cf '^submission\h' << EOF
 submission inet	n	-	n	-	-	smtpd
 	-o syslog_name=postfix/submission
@@ -390,6 +392,9 @@ EOF
 pickup	fifo	n	-	-	60	1	pickup
 EOF
 	fi
+else
+	$postconf -c "$tempdir" -e content_filter=
+	$postconf -c "$tempdir" -e receive_override_options=
 fi
 
 diff -ruN "$confdir" "$tempdir" || if [ $? -gt 1 ]; then exit $?; else needs_reload="1"; fi
@@ -441,7 +446,8 @@ fi
 # Support for trusted MX backup networks added
 # PCRE stuff avoided, as PCRE is only optional on newest Debian packages
 # RBLs replaced with those recommended by http://www.antispews.org/
-# AMaViS tweaks as documented in amavisd-new package
+# spam filter based on this: http://www.postfix.org/FILTER_README.html
+#   adapted to use AMaViS on port 10024
 # AUTH-SMTP based on this: http://www.postfix.org/SASL_README.html
 
 # Here's a convenient overview of different blackholes:
-- 
cgit v1.2.3