From dfe86699095d878571810193c40807d7e4b82a83 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Sun, 8 Dec 2002 21:42:03 +0000
Subject: Generalize script... Disable fqdn checks - they make legitimate mail from local daemons fail.
---
 postfix/anti-uce.sh | 19 +++++++++++++------
 postfix/maps_rbl_domains | 9 +++++++++
 postfix/rbl_lookup_hosts | 9 ---------
 postfix/smtpd_recipient_restrictions | 12 ++++++++++++
 4 files changed, 34 insertions(+), 15 deletions(-)
 create mode 100644 postfix/maps_rbl_domains
 delete mode 100644 postfix/rbl_lookup_hosts
 create mode 100644 postfix/smtpd_recipient_restrictions
(limited to 'postfix')
diff --git a/postfix/anti-uce.sh b/postfix/anti-uce.sh
index a06ebac..6eaca24 100755
--- a/postfix/anti-uce.sh
+++ b/postfix/anti-uce.sh
@@ -1,12 +1,19 @@
-#!/bin/sh
+#!/bin/bash
-mapsfile="/etc/local-COMMON/postfix/rbl_lookup_hosts"
-maps=`cat $mapsfile | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/[, ]\+/,/g' -e 's/,$//'`
+set -e
-postconf -e "smtpd_helo_required = no" # Requiring Helo causes false positives, even for local daemons
+paramdir="/etc/local-COMMON/postfix"
+
+function getlinefromfile() {
+ param="$1"
+ echo -n "$param = "
+ cat $paramdir/$param | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/[, ]\+/,/g' -e 's/,$//'
+}
+
+postconf -e "smtpd_helo_required = yes"
 postconf -e "permit_mx_backup_networks = /etc/local-COMMON/postfix/mx_networks"
-postconf -e "maps_rbl_domains = $maps"
-postconf -e "smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unknown_recipient_domain,reject_unauth_pipelining,permit_mynetworks,permit_mx_backup,reject_unauth_destination,reject_maps_rbl,reject"
+postconf -e "`getlinefromfile maps_rbl_domains`"
+postconf -e "`getlinefromfile smtpd_recipient_restrictions`"
 /etc/init.d/postfix reload
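Review bot: A missing or unreadable list file is not caught by the new `set -e`: in `getlinefromfile` the `cat` is the first stage of a pipeline whose status comes from the last `sed`, and the call sits in backticks inside the `postconf -e` argument, where its exit status is discarded. The script would then write `maps_rbl_domains = ` with an empty value, which switches the RBL lookups off without any error, and do the same to `smtpd_recipient_restrictions` before reloading Postfix. I would test the file up front, quote `$paramdir/$param`, and assign each result to a variable before calling `postconf`, so a failure stops the run ahead of the reload. Separately, the flip of `smtpd_helo_required` to `yes` drops the old comment about false positives and is not mentioned in the commit message; a one-line comment giving the reason would help the next reader.

```shell
function getlinefromfile() {
  # … unchanged: param="$1" …
  # Fail loudly instead of emitting "param = " with an empty value.
  [ -r "$paramdir/$param" ] || { echo "cannot read $paramdir/$param" >&2; return 1; }
  # … unchanged: echo -n "$param = " …
  grep -v '^#' "$paramdir/$param" | sed 's/#.*//' | tr "\n" "," | sed -e 's/[, ]\+/,/g' -e 's/,$//'
}

# … unchanged: smtpd_helo_required and permit_mx_backup_networks …
# Assign first: set -e acts on a failed assignment, but not on a
# substitution buried inside the postconf argument.
rbl_line=$(getlinefromfile maps_rbl_domains)
rcpt_line=$(getlinefromfile smtpd_recipient_restrictions)
postconf -e "$rbl_line"
postconf -e "$rcpt_line"
```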
diff --git a/postfix/maps_rbl_domains b/postfix/maps_rbl_domains
new file mode 100644
index 0000000..53ded7c
--- /dev/null
+++ b/postfix/maps_rbl_domains
@@ -0,0 +1,9 @@
+#relays.visi.com
+bl.spamcop.net
+list.dsbl.org
+multihop.dsbl.org
+relays.ordb.org
+spam.dnsrbl.net
+#inputs.relays.osirusoft.com
+#dialups.relays.osirusoft.com
+#spews.relays.osirusoft.com # spews is bad: http://www.antispews.org/
diff --git a/postfix/rbl_lookup_hosts b/postfix/rbl_lookup_hosts
deleted file mode 100644
index 53ded7c..0000000
--- a/postfix/rbl_lookup_hosts
+++ /dev/null
@@ -1,9 +0,0 @@
-#relays.visi.com
-bl.spamcop.net
-list.dsbl.org
-multihop.dsbl.org
-relays.ordb.org
-spam.dnsrbl.net
-#inputs.relays.osirusoft.com
-#dialups.relays.osirusoft.com
-#spews.relays.osirusoft.com # spews is bad: http://www.antispews.org/
diff --git a/postfix/smtpd_recipient_restrictions b/postfix/smtpd_recipient_restrictions
new file mode 100644
index 0000000..ec48c9a
--- /dev/null
+++ b/postfix/smtpd_recipient_restrictions
@@ -0,0 +1,12 @@
+reject_invalid_hostname
+#reject_non_fqdn_hostname # These should only be enabled on a true mailhub (even some Debian daemons expect to be able to deliver to localhost)
+#reject_non_fqdn_sender
+#reject_non_fqdn_recipient
+reject_unknown_sender_domain
+reject_unknown_recipient_domain
+reject_unauth_pipelining
+permit_mynetworks
+permit_mx_backup
+reject_unauth_destination
+reject_maps_rbl
+reject # Not really needed, but just to be on the safe side...
--
cgit v1.2.3
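Review bot: The order of the last entries in `smtpd_recipient_restrictions` leaves `reject_maps_rbl` with little or nothing to check, because Postfix stops at the first restriction that permits or rejects and `permit_mx_backup` comes before it. As far as I recall, `permit_mx_backup` also accepts mail for authorized destinations, so inbound mail would be accepted before the RBLs are consulted, and everything else is refused by `reject_unauth_destination`; please confirm against the Postfix version in use. If the lists are meant to filter inbound mail, move `reject_maps_rbl` up to directly after `permit_mynetworks`, so local clients stay exempt and every other client is checked. The old inline list in `anti-uce.sh` had the same order, so this is carried over rather than introduced here, but a comment in this file saying that order is significant would keep later edits from repeating it.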