I think that Postfix part is done. But, there'll be any future fixes I'm sure. Now, it's time for Dovecot.
parent
71b1e0bbad
commit
c71159b036
@ -166,17 +166,12 @@ block article
|
|||||||
p #[code smtpd_tls_received_header] makes Postfix include information about the protocol and cypher used to a Received: header.
|
p #[code smtpd_tls_received_header] makes Postfix include information about the protocol and cypher used to a Received: header.
|
||||||
p #[code smtpd_tls_session_cache_timeout] is for how long to store session. #[code tls_random_source] is for setting an entropy source.
|
p #[code smtpd_tls_session_cache_timeout] is for how long to store session. #[code tls_random_source] is for setting an entropy source.
|
||||||
p The final part is my "favorite". :) The restrictions! There is a set of them for each stage the message falls through. Here's the ones I configured:#[code smtpd_helo_restrictions], #[code smtpd_relay_restrictions], #[code smtpd_data_restrictions], #[code smtpd_sender_restrictions], and #[code smtpd_recipient_restrictions].
|
p The final part is my "favorite". :) The restrictions! There is a set of them for each stage the message falls through. Here's the ones I configured:#[code smtpd_helo_restrictions], #[code smtpd_relay_restrictions], #[code smtpd_data_restrictions], #[code smtpd_sender_restrictions], and #[code smtpd_recipient_restrictions].
|
||||||
p So lets roll.
|
p So lets roll. This my working restrictions setup:
|
||||||
pre
|
pre
|
||||||
| smtpd_helo_restrictions =
|
| smtpd_helo_restrictions =
|
||||||
| reject_unknown_helo_hostname,
|
| reject_unknown_helo_hostname,
|
||||||
| reject_invalid_helo_hostname,
|
| reject_invalid_helo_hostname,
|
||||||
| reject_non_fqdn_helo_hostname
|
| reject_non_fqdn_helo_hostname
|
||||||
pre
|
|
||||||
| smtpd_relay_restrictions =
|
|
||||||
| permit_mynetworks,
|
|
||||||
| permit_sasl_authenticated,
|
|
||||||
| reject_unauth_destination
|
|
||||||
pre
|
pre
|
||||||
| smtpd_data_restrictions =
|
| smtpd_data_restrictions =
|
||||||
| reject_multi_recipient_bounce,
|
| reject_multi_recipient_bounce,
|
||||||
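Review bot: Removing the `smtpd_relay_restrictions` block leaves the article inconsistent, because the unchanged paragraph just above it still lists `smtpd_relay_restrictions` among the restriction sets the author configured. The deleted lines also held the only `reject_unauth_destination` visible in this hunk, so a reader copying the setup no longer sees where relaying is restricted. Either keep the block (`permit_mynetworks`, `permit_sasl_authenticated`, `reject_unauth_destination`) or drop the name from the list and state where relay control now lives. The new sentence "This my working restrictions setup:" is also missing "is".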
@ -190,6 +185,10 @@ block article
|
|||||||
| smtpd_recipient_restrictions =
|
| smtpd_recipient_restrictions =
|
||||||
| reject_unknown_recipient_domain,
|
| reject_unknown_recipient_domain,
|
||||||
| reject_non_fqdn_recipient
|
| reject_non_fqdn_recipient
|
||||||
|
p In order to explain what every restriction does I'd have to copy-paste from #[code man 5 postconf]. :)
|
||||||
|
p The first set of restrictions are for HELO or EHLO command, that we force the client to send with priorly set option #[code smtpd_helo_required] to yes. Here #[code reject_unknown_helo_hostname] rejects hostnames that doesn't have DNS A or MX records. #[code reject_invalid_helo_hostname] rejects malformed hostnames, and #[code reject_non_fqdn_helo_hostname] ensures that the hostname is a fully-qualified domain name.
|
||||||
|
p The second one are for DATA command. And here man page is better than me at explaining it. Here is the link for #[a(href='http://www.postfix.org/postconf.5.html#reject_multi_recipient_bounce') reject_multi_recipient_bounce] and #[a(href='http://www.postfix.org/postconf.5.html#reject_unauth_pipelining') reject_unauth_pipelining]. All I can say is that it is better to have them than not to. :)
|
||||||
|
p The rest is simpler, #[code permit_sasl_authenticated] in #[code smtpd_sender_restrictions] accepts the senders that were authenticated by SALS (e.g. Dovecot or Cyrus). And all the #[code reject_unknown_*] and #[code reject_non_fqdn_*] has the same meaning as for theirs *_helo_* counterparts, just used in theirs specific places.
|
||||||
|
|
||||||
h4#art-3-2 #[a(href='#art-3-2') 3.2. master.cf]
|
h4#art-3-2 #[a(href='#art-3-2') 3.2. master.cf]
|
||||||
p The following services are needed: #[code smtp], #[code submission], #[code smtps], and we add #[code spamassassin] service. The rest in this file left untouchable.
|
p The following services are needed: #[code smtp], #[code submission], #[code smtps], and we add #[code spamassassin] service. The rest in this file left untouchable.
|
||||||
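Review bot: In the last added paragraph "SALS" should be "SASL", and the same sentence reads better as "have the same meaning as their *_helo_* counterparts, just used in their specific places". In the HELO paragraph, "hostnames that doesn't have" should be "don't have", and "with priorly set option" would be clearer as "by setting #[code smtpd_helo_required] to yes earlier". The DATA paragraph only links to the man page; one sentence per restriction saying what it rejects would let the reader judge the setting without leaving the article. Consider switching the two postconf links from http:// to https://.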
@ -321,7 +320,7 @@ block article
|
|||||||
| TrustedAuthservIDs mail.example.org,example.org
|
| TrustedAuthservIDs mail.example.org,example.org
|
||||||
| UMask 002
|
| UMask 002
|
||||||
p What's in a #[code Socket] option should be added to Postfix's #[code smtpd_milters] and #[code non_smtpd_milters].
|
p What's in a #[code Socket] option should be added to Postfix's #[code smtpd_milters] and #[code non_smtpd_milters].
|
||||||
p Creating DMARC DNS record covered in <a href="#art-7-4">7.4</a>.
|
p Creating DMARC DNS record covered in <a href="#art-8-4">8.4</a>.
|
||||||
|
|
||||||
h3#art-8 #[a(href='#art-8') 8. DNS records]
|
h3#art-8 #[a(href='#art-8') 8. DNS records]
|
||||||
|
|
||||||
|
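Review bot: The changed line keeps a raw HTML anchor, `<a href="#art-8-4">8.4</a>`, while every other link in the visible template uses Pug interpolation such as `#[a(href='#art-8') 8. DNS records]`. Writing it as `#[a(href='#art-8-4') 8.4]` would match the rest of the file. The new target agrees with the `h3#art-8` heading shown in the context, but it is worth confirming that an `art-8-4` id exists after the renumbering. The sentence is also missing a verb: "Creating the DMARC DNS record is covered in 8.4."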