Late rejects and more hostname restrictions

2021-01-07 17:56:40 +00:00 · 2021-01-07 17:56:40 +00:00 · 09aa89ca50
parent fa98269ac9
commit 09aa89ca50
3 changed files with 7 additions and 5 deletions
--- a/configs/postfix/APKBUILD
+++ b/configs/postfix/APKBUILD
@ -2,7 +2,7 @@
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-postfix
 pkgver=2021.01.07
-pkgrel=2
+pkgrel=3
 pkgdesc="Postfix configuration files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
@ -24,7 +24,7 @@ package() {
 	install -Dm644 pgsql-users.cf "$pkgdir"/etc/postfix/redxen/pgsql-users.cf
 }

-sha512sums="e90b800f4be6ccaae76fa0bb9037005820c1a1aa1da7ed1e23cecb87a59b43901aa6a684445348c8f66c09d9e1a1de46818b57ae164f35ce4a1ae5363b12cc63  master.cf
-761c774435813be60d6f0bf0d71742c270fc7d3c760922dec172653dc70dd2bdae4d79a0f019ea7c9c59063280d78b500200cecce47a45fc000b318d546cd386  main.cf
+sha512sums="0010244dc6fab37310c9ae14428309331842d6c25e46ec38c29487bddce768bf6fd01f411fe809a200872084502778b5f5d4a98ddc4909aefd60831859ff8ff1  master.cf
+5d770466b4c31270295729e874aaaecfcf0e82c76c00b0573f0436a1a9c57034895786bf9bb7169f009e719401db47787f915bba8348aa2453f8681bba8d397c  main.cf
 a1778901dbc12de543d9d5897b9d50ee5ebe47b7ef6ed87a0087249657f146ff8493de455d32016660cca3c8d669592e0ea9fbe9b6696d92cac6f014277f29e5  pgsql-aliases.cf
 72c50fe20b4d1a7ea2e60fb2cac0164814ab41011eb7f0d67a8a5715a0cc43d3ad573f198a7933eb130f68ec5c25c558fad791300e5bb25e020ca76a4303db4c  pgsql-users.cf"
--- a/configs/postfix/main.cf
+++ b/configs/postfix/main.cf
@ -30,6 +30,7 @@ smtp_tls_CApath = /etc/ssl/certs
 smtp_tls_security_level = may

 smtpd_use_tls = yes
+smtpd_delay_reject = yes
 smtpd_tls_cert_file = /etc/ssl/redxen/letsencrypt/chain.crt
 smtpd_tls_key_file = /etc/ssl/redxen/letsencrypt/private.key
 smtpd_tls_security_level = may
@ -48,7 +49,8 @@ smtpd_recipient_restrictions = permit_sasl_authenticated,
                               reject_rhsbl_client dbl.spamhaus.org,
                               reject_rhsbl_reverse_client dbl.spamhaus.org,
                               reject_rhsbl_sender dbl.spamhaus.org
-smtpd_helo_restrictions      = reject_rhsbl_helo dbl.spamhaus.org
+smtpd_helo_restrictions      = reject_unknown_helo_hostname,
+                               reject_rhsbl_helo dbl.spamhaus.org

 # Dovecot LMTP
 mailbox_transport = lmtp:unix:/run/dovecot/lmtp
--- a/configs/postfix/master.cf
+++ b/configs/postfix/master.cf
@ -5,11 +5,11 @@
 submission inet n       -       y       -       -       smtpd
 	-o smtpd_sasl_auth_enable=yes
 	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
+	-o smtpd_sasl_security_options=noanonymous
 smtp      inet  n       -       y       -       -       smtpd
 	-o smtpd_sasl_auth_enable=yes
 smtps     inet  n       -       y       -       -       smtpd
 	-o smtpd_sasl_auth_enable=yes
-	-o syslog_name=postfix/$service_name
 	-o smtpd_tls_wrappermode=yes
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup