From 54b254df2d50a1fae539db30db08d7c59d5537b8 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Mon, 7 May 2012 12:21:57 -0300 Subject: postfix - change sender acl priority during header checks --- config/postfix/postfix.inc | 17 +++++++++++------ config/postfix/postfix_acl.xml | 9 +++++---- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index d92e380f..93fae05a 100644 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -471,16 +471,16 @@ smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_ permit smtpd_recipient_restrictions = permit_mynetworks, + reject_unauth_destination, + reject_unauth_pipelining, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, + check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_invalid_helo_hostname, - reject_unknown_recipient_domain, reject_non_fqdn_helo_hostname, + reject_unknown_recipient_domain, reject_non_fqdn_recipient, - reject_unauth_destination, - reject_unauth_pipelining, reject_multi_recipient_bounce, - check_sender_access hash:/usr/local/etc/postfix/sender_access, SPFSPFSPFRBLRBLRBL EOF; 
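Review bot: The reordered `smtpd_recipient_restrictions` list carries no comment saying that `reject_unauth_destination` must stay ahead of the three `check_*_access` lookups, so a later edit could silently undo the ordering. An `OK` from `cal_pcre`, `cal_cidr` or `sender_access` ends evaluation of this list, and `sender_access` is keyed on the MAIL FROM address, which the connecting client chooses. With the relay check first, such a match can only skip the helo, recipient, SPF and RBL checks that follow it. I would add a comment line above the setting in the generated config, e.g. `# reject_unauth_destination must precede every check_*_access table: an OK result stops evaluation of this list`. The heredoc holding this text starts outside the hunk.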
@@ -500,14 +500,19 @@ smtpd_sender_restrictions = reject_unknown_sender_domain, RBLRBLRBL # Allow connections from specified local clients and rbl check everybody else if rbl check are set. -smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre, - check_client_access cidr:/usr/local/etc/postfix/cal_cidr, +smtpd_client_restrictions = reject_unauth_destination, + check_sender_access hash:/usr/local/etc/postfix/sender_access, + check_client_access pcre:/usr/local/etc/postfix/cal_pcre, + check_client_access cidr:/usr/local/etc/postfix/cal_cidr RBLRBLRBL # Whitelisting: local clients may specify any destination domain. #, smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, + check_sender_access hash:/usr/local/etc/postfix/sender_access, + check_client_access pcre:/usr/local/etc/postfix/cal_pcre, + check_client_access cidr:/usr/local/etc/postfix/cal_cidr, SPFSPFSPFRBLRBLRBL EOF; diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml index 2a2b4633..efc72721 100644 --- a/config/postfix/postfix_acl.xml +++ b/config/postfix/postfix_acl.xml @@ -118,13 +118,14 @@ Sender sender_access HASH filters that implements whitelisting and blacklisting of full or partial email addresses and domains as specified in the MAIL FROM field :
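Review bot: The new `smtpd_client_restrictions` value lists `reject_unauth_destination` and `check_sender_access`, which Postfix honours in a client-stage list only while `smtpd_delay_reject = yes` (the default), and nothing in this hunk pins that setting. If it is switched off elsewhere in the generated config, these two entries would presumably have no effect there. Either state the dependency in the existing comment line, e.g. `# reject_unauth_destination/check_sender_access here rely on smtpd_delay_reject = yes`, or keep them only in `smtpd_recipient_restrictions`, where this hunk already places them. The last `check_client_access cidr:` line also lost its trailing comma before the `RBLRBLRBL` placeholder, unlike the other lists. Postfix accepts whitespace as a separator, but this is worth confirming against whatever is substituted for the placeholder, which is not visible here.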
- myfriend@example.com OK
+ myfriend@example.com DUNNO
junk@spam.com REJECT
marketing@ REJECT
- theboss@ OK
+ theboss@ DUNNO
deals.marketing.com REJECT
- somedomain.com OK
- See http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions for more help]]> + somedomain.com DUNNO

+ See http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions for more help
+ Note: a result of "OK" in this field is not allowed/wanted for safety reasons(it may accept forged senders as it will not do other spam checks). Instead, use DUNNO in order to exclude specific hosts from blacklists.]]>
textarea 83 -- cgit v1.2.3
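Review bot: The added note says `OK` is "not allowed/wanted" in the sender field, but this change only edits help text; no visible line rejects or rewrites an `OK` entry, so the protection depends on the admin reading the note. Since the MAIL FROM value is set by the sending client, an `OK` left in `sender_access` would still skip the later checks in the lists changed in `postfix.inc`. If the code that writes `sender_access` (outside this diff) does not already do so, consider validating the field on save and refusing `OK` as a result. The wording should also say which it is, e.g. `"OK" is rejected in this field; use DUNNO to exempt a sender from the blacklist entries` if enforced, or `"OK" is discouraged` if not.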