postscreen implementation altered (#846)

* new setup.sh function, new tests, new script and some minor updates to main.cf * fix for missing files * removed obsolete test-files * restart postfix if neccessary. * see pr #845 * fixed typo * fixed branchmixup * changed postfix reload command & changed to operate on container instead of image * reload postfix only on adding new restriction * main.cf is only changed when user is added. - Postfix reload changed - working on container instead of image now in setup.sh - added cleanup after tests * moved cleanup to makefile
2025-08-04 01:55:29 +02:00 · 2018-02-18 13:29:43 +01:00 · 2018-02-18 13:29:43 +01:00 · 5e09074d58
commit 5e09074d58
parent 803dab12c6
7 changed files with 37 additions and 22 deletions
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@ -44,25 +44,25 @@ smtpd_helo_required = yes
 smtpd_delay_reject = yes
 smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-smtpd_recipient_restrictions = check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
+smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
 smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
-smtpd_sender_restrictions = check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf, permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
+smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
 disable_vrfy_command = yes

 # Postscreen settings to drop zombies/open relays/spam early
 postscreen_dnsbl_action = enforce
-postscreen_dnsbl_sites = zen.spamhaus.org*3 
-	bl.mailspike.net 
-	b.barracudacentral.org*2 
-	bl.spameatingmonkey.net 
-	bl.spamcop.net 
-	dnsbl.sorbs.net 
-	psbl.surriel.com 
-	list.dnswl.org=127.0.[0..255].0*-2 
-	list.dnswl.org=127.0.[0..255].1*-3 
-	list.dnswl.org=127.0.[0..255].[2..3]*-4                                        
-postscreen_dnsbl_threshold = 3                     
-postscreen_dnsbl_whitelist_threshold = -1          
+postscreen_dnsbl_sites = zen.spamhaus.org*3
+	bl.mailspike.net
+	b.barracudacentral.org*2
+	bl.spameatingmonkey.net
+	bl.spamcop.net
+	dnsbl.sorbs.net
+	psbl.surriel.com
+	list.dnswl.org=127.0.[0..255].0*-2
+	list.dnswl.org=127.0.[0..255].1*-3
+	list.dnswl.org=127.0.[0..255].[2..3]*-4
+postscreen_dnsbl_threshold = 3
+postscreen_dnsbl_whitelist_threshold = -1
 postscreen_greet_action = enforce
 postscreen_bare_newline_action = enforce