authorMarcello Coutinho <marcellocoutinho@gmail.com>2012-05-07 12:21:57 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2012-05-07 12:21:57 -0300
commit54b254df2d50a1fae539db30db08d7c59d5537b8 (patch)
tree58c557b6c80037c9ee4124ce687797d1e7af1957
parent6dc801f5a72cb1f8525f84ec75fd6ab2bc5c46b9 (diff)
postfix - change sender acl priority during header checks
-rw-r--r--config/postfix/postfix.inc17
-rw-r--r--config/postfix/postfix_acl.xml9
2 files changed, 16 insertions, 10 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc
index d92e380f..93fae05a 100644
--- a/config/postfix/postfix.inc
+++ b/config/postfix/postfix.inc
@@ -471,16 +471,16 @@ smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_
permit
smtpd_recipient_restrictions = permit_mynetworks,
+ reject_unauth_destination,
+ reject_unauth_pipelining,
check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
+ check_sender_access hash:/usr/local/etc/postfix/sender_access,
reject_invalid_helo_hostname,
- reject_unknown_recipient_domain,
reject_non_fqdn_helo_hostname,
+ reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
- reject_unauth_destination,
- reject_unauth_pipelining,
reject_multi_recipient_bounce,
- check_sender_access hash:/usr/local/etc/postfix/sender_access,
SPFSPFSPFRBLRBLRBL
EOF;
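Review bot: Nothing visible in this commit stops a `sender_access` entry that returns `OK` from ending `smtpd_recipient_restrictions` early. With `check_sender_access` now ahead of `reject_invalid_helo_hostname`, the recipient checks and the SPF/RBL placeholders, such an entry would skip all of them on the strength of a client-supplied MAIL FROM. Keeping it after `reject_unauth_destination` is the right order, since an `OK` then cannot open the relay. The only guard is the help text added in postfix_acl.xml, so I would reject or rewrite `OK` results where the map is generated (that code is not in this diff), or at least add a comment above the parameter such as `# sender_access entries must return DUNNO or REJECT; OK would skip the checks that follow`. The same ordering appears in the second hunk of this file.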
@@ -500,14 +500,19 @@ smtpd_sender_restrictions = reject_unknown_sender_domain,
RBLRBLRBL
# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
-smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
- check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
+smtpd_client_restrictions = reject_unauth_destination,
+ check_sender_access hash:/usr/local/etc/postfix/sender_access,
+ check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
+ check_client_access cidr:/usr/local/etc/postfix/cal_cidr
RBLRBLRBL
# Whitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
+ check_sender_access hash:/usr/local/etc/postfix/sender_access,
+ check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
+ check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
SPFSPFSPFRBLRBLRBL
EOF;
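Review bot: `reject_unauth_destination` is now the first entry of `smtpd_client_restrictions` with no `permit_mynetworks` ahead of it. Postfix evaluates each restriction list on its own and a reject in any list is final, so the `permit_mynetworks` in `smtpd_recipient_restrictions` below does not help. If this template is used on a host that relays outbound mail for mynetworks clients, those clients would be refused for any external recipient. I would either start the list with `smtpd_client_restrictions = permit_mynetworks,` or leave `reject_unauth_destination` only in the recipient list, where this hunk already has it in the right place. The new list also depends on the recipient being known at the client stage, which I believe holds only with the default `smtpd_delay_reject = yes`; worth confirming that the package never turns it off.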
diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml
index 2a2b4633..efc72721 100644
--- a/config/postfix/postfix_acl.xml
+++ b/config/postfix/postfix_acl.xml
@@ -118,13 +118,14 @@
<fielddescr>Sender</fielddescr>
<fieldname>sender_access</fieldname>
<description><![CDATA[<strong>HASH filters</strong> that implements whitelisting and blacklisting of full or partial email addresses and domains as specified in the MAIL FROM field :<br>
- myfriend@example.com OK<br>
+ myfriend@example.com DUNNO<br>
junk@spam.com REJECT<br>
marketing@ REJECT<br>
- theboss@ OK<br>
+ theboss@ DUNNO<br>
deals.marketing.com REJECT<br>
- somedomain.com OK<br>
- See http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions for more help]]>
+ somedomain.com DUNNO<br><br>
+ See http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions for more help<br>
+ <strong>Note: a result of "OK" in this field is not allowed/wanted for safety reasons(it may accept forged senders as it will not do other spam checks). Instead, use DUNNO in order to exclude specific hosts from blacklists.</strong>]]>
</description>
<type>textarea</type>
<cols>83</cols>