#!/bin/sh

mapsfile="/etc/local-COMMON/postfix/rbl_lookup_hosts"
maps=`cat $mapsfile | grep -v '^#' | sed 's/#.*//' | tr "\n" "," | sed -e 's/[, ]\+/,/g' -e 's/,$//'`

postconf -e "smtpd_helo_required = yes"
postconf -e "permit_mx_backup_networks = /etc/local-COMMON/postfix/mx_networks"
postconf -e "maps_rbl_domains = $maps"
postconf -e "smtpd_recipient_restrictions = reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unknown_recipient_domain,reject_unauth_pipelining,permit_mynetworks,permit_mx_backup,reject_unauth_destination,reject_maps_rbl,reject"

/etc/init.d/postfix reload

# Based on this: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
# Support fortrusted MX backup networks added
# PCRE stuff avoided,as PCRE is only optional on newest Debian packages
# RBLs replaced with those recommended by http://www.antispews.org/

# Here's a convenient overview of different blackholes:
#   http://rbls.org/