author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-05-07 12:21:57 -0300 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2012-05-07 12:21:57 -0300 |
commit | 54b254df2d50a1fae539db30db08d7c59d5537b8 (patch) | |
tree | 58c557b6c80037c9ee4124ce687797d1e7af1957 | |
parent | 6dc801f5a72cb1f8525f84ec75fd6ab2bc5c46b9 (diff) | |
postfix - change sender acl priority during header checks
-rw-r--r-- | config/postfix/postfix.inc | 17 | ||||
-rw-r--r-- | config/postfix/postfix_acl.xml | 9 |
2 files changed, 16 insertions, 10 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc
index d92e380f..93fae05a 100644
--- a/config/postfix/postfix.inc
+++ b/config/postfix/postfix.inc
@@ -471,16 +471,16 @@ smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_
 permit
 smtpd_recipient_restrictions = permit_mynetworks,
+ reject_unauth_destination,
+ reject_unauth_pipelining,
 check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
 check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
+ check_sender_access hash:/usr/local/etc/postfix/sender_access,
 reject_invalid_helo_hostname,
- reject_unknown_recipient_domain,
 reject_non_fqdn_helo_hostname,
+ reject_unknown_recipient_domain,
 reject_non_fqdn_recipient,
- reject_unauth_destination,
- reject_unauth_pipelining,
 reject_multi_recipient_bounce,
- check_sender_access hash:/usr/local/etc/postfix/sender_access,
 SPFSPFSPFRBLRBLRBL
 EOF;
@@ -500,14 +500,19 @@ smtpd_sender_restrictions = reject_unknown_sender_domain,
 RBLRBLRBL
 # Allow connections from specified local clients and rbl check everybody else if rbl check are set.
-smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
- check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
+smtpd_client_restrictions = reject_unauth_destination,
+ check_sender_access hash:/usr/local/etc/postfix/sender_access,
+ check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
+ check_client_access cidr:/usr/local/etc/postfix/cal_cidr
 RBLRBLRBL
 # Whitelisting: local clients may specify any destination domain. #,
 smtpd_recipient_restrictions = permit_mynetworks,
 reject_unauth_destination,
+ check_sender_access hash:/usr/local/etc/postfix/sender_access,
+ check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
+ check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
 SPFSPFSPFRBLRBLRBL
 EOF;
diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml
index 2a2b4633..efc72721 100644
--- a/config/postfix/postfix_acl.xml
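Review bot: With `check_sender_access hash:/usr/local/etc/postfix/sender_access` now placed ahead of the HELO, recipient-domain, SPF and RBL entries in `smtpd_recipient_restrictions`, an `OK` row in that table ends the list with a permit based only on the MAIL FROM address, which the connecting client chooses. Relay protection is intact because `reject_unauth_destination` comes first, but every later check is skipped for a forged whitelisted sender; the recipient list in the second hunk has the same ordering. The postfix_acl.xml hunk only tells the admin to write `DUNNO`, so the code that writes the table (not visible in this diff) should refuse or rewrite `OK` actions when the field is saved. The heredoc this list belongs to starts above the hunk.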
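Review bot: `reject_unauth_destination` at the head of `smtpd_client_restrictions` applies to every client, with no `permit_mynetworks` in front of it. A host in mynetworks sending to a domain this server does not relay for would therefore be rejected here even though `smtpd_recipient_restrictions` permits it, which contradicts the "local clients may specify any destination domain" comment just below. Both it and `check_sender_access` only have a recipient and sender to inspect in this list while `smtpd_delay_reject` keeps its default of yes, and the hunk does not show that setting. Since the recipient list in the same hunk already carries both entries after `permit_mynetworks`, the client list could open with `smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre,` as before. The enclosing heredoc starts above the hunk.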
+++ b/config/postfix/postfix_acl.xml
@@ -118,13 +118,14 @@
 <fielddescr>Sender</fielddescr>
 <fieldname>sender_access</fieldname>
 <description><![CDATA[<strong>HASH filters</strong> that implements whitelisting and blacklisting of full or partial email addresses and domains as specified in the MAIL FROM field :<br>
- myfriend@example.com OK<br>
+ myfriend@example.com DUNNO<br>
 junk@spam.com REJECT<br>
 marketing@ REJECT<br>
- theboss@ OK<br>
+ theboss@ DUNNO<br>
 deals.marketing.com REJECT<br>
- somedomain.com OK<br>
- See http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions for more help]]>
+ somedomain.com DUNNO<br><br>
+ See http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions for more help<br>
+ <strong>Note: a result of "OK" in this field is not allowed/wanted for safety reasons(it may accept forged senders as it will not do other spam checks). Instead, use DUNNO in order to exclude specific hosts from blacklists.</strong>]]>
 </description>
 <type>textarea</type>
 <cols>83</cols> |