config/ENV: improve Postfix config for spoof protection (#3127)

Georg Lauterbach 2023-03-03 15:55:32 +01:00 committed by GitHub
parent aa4d4fe315
commit 5ec6845c96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 17 additions and 15 deletions


@ -50,9 +50,14 @@ smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permi
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_unknown_client_hostname
smtpd_sender_restrictions = $dms_smtpd_sender_restrictions
disable_vrfy_command = yes
# Custom defined parameters for DMS:
dms_smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_unknown_client_hostname
# Submission ports 587 and 465 support for SPOOF_PROTECTION=1
mua_sender_restrictions = reject_authenticated_sender_login_mismatch, $dms_smtpd_sender_restrictions
# Postscreen settings to drop zombies/open relays/spam early
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites =
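Review bot: `mua_sender_restrictions` turns on `reject_authenticated_sender_login_mismatch` unconditionally in this file, although the comment above it ties the setting to SPOOF_PROTECTION=1. That restriction decides address ownership from `smtpd_sender_login_maps`, which this hunk does not set, so the SPOOF_PROTECTION=0 case depends on start-up code in the other changed files (not visible here) either overriding `mua_sender_restrictions` or populating the map; if neither happens, authenticated submissions would presumably be rejected as not owned by the login. I would make the dependency explicit in the comment, for example `# Submission ports 587 and 465: requires smtpd_sender_login_maps; overridden at start-up when SPOOF_PROTECTION=0`, adjusted to what the setup code really does. The ordering itself is right: the mismatch check has to precede `permit_sasl_authenticated` from `$dms_smtpd_sender_restrictions`, which would otherwise end evaluation first.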


@ -24,6 +24,7 @@ submission inet n - n - - smtpd
-o smtpd_sasl_authenticated_header=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o milter_macro_daemon_name=ORIGINATING
-o cleanup_service_name=sender-cleanup
@ -37,6 +38,7 @@ smtps inet n - n - - smtpd
-o smtpd_sasl_authenticated_header=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o milter_macro_daemon_name=ORIGINATING
-o cleanup_service_name=sender-cleanup
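Review bot: The sender/login mismatch check now applies only to the `submission` and `smtps` services, through the `-o smtpd_sender_restrictions=$mua_sender_restrictions` override added in both hunks; the default `smtpd` service keeps `$dms_smtpd_sender_restrictions`, which begins with `permit_sasl_authenticated`. If SASL authentication is still offered on the port 25 service (not visible in these hunks), an authenticated client there is never compared against `smtpd_sender_login_maps`, so spoof protection would not cover that path. It is worth confirming that `smtpd_sasl_auth_enable` is off for that service, or noting the limitation next to the SPOOF_PROTECTION documentation. Both service entries start in the hunk headers and continue outside the lines shown.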