authorccsmart <ccsmart@smartpal.de>2007-01-16 21:30:07 +0000
committerccsmart <ccsmart@smartpal.de>2007-01-16 21:30:07 +0000
commit3ece40d97404fee166524620420ae2f051b384d2 (patch)
tree2cc9c407f646889807144ecf09ed00ef34a59780
parentccbc3685b5baf90cd59e5eefeccbee784b9967ee (diff)
postfix: Update and improve the configuration. This should cut off about 75% of the typical spam load before it enters the system.
-rw-r--r--packages/postfix/files/internal_recipient2
-rw-r--r--packages/postfix/files/main.cf_2.063
-rw-r--r--packages/postfix/files/volatiles30
-rw-r--r--packages/postfix/postfix_2.0.20.bb4
4 files changed, 83 insertions, 16 deletions
diff --git a/packages/postfix/files/internal_recipient b/packages/postfix/files/internal_recipient
new file mode 100644
index 0000000000..0d11944beb
--- /dev/null
+++ b/packages/postfix/files/internal_recipient
@@ -0,0 +1,2 @@
+root@ permit_mynetworks,reject
+
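Review bot: The new table carries no comment saying what it is for or how it is consumed. Postfix access tables accept `#` comment lines, so a header such as `# check_recipient_access table: mail for root@<any domain> is accepted only from mynetworks` followed by `# run postmap on this file after editing` would save the next maintainer from decoding the `permit_mynetworks,reject` action list. The `root@` key matches on the local part alone, which is worth stating because it also covers root at every virtual domain.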
diff --git a/packages/postfix/files/main.cf_2.0 b/packages/postfix/files/main.cf_2.0
index 002f681217..1a6ddabbf3 100644
--- a/packages/postfix/files/main.cf_2.0
+++ b/packages/postfix/files/main.cf_2.0
@@ -2,6 +2,7 @@
cat <<EOF
# Configure your domain and accounts
mydomain=sample.com
+mynetworks = 127.0.0.1/32 192.168.1.0/24
virtual_mailbox_domains = sample.com, other.net
virtual_mailbox_maps = hash:/etc/postfix/virtual
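Review bot: The added `mynetworks` default trusts all of 192.168.1.0/24, and every restriction list added further down in this file starts with `permit_mynetworks`, so any host in that range skips the anti-spam checks and is allowed to relay. On a device whose LAN uses a different prefix, or that sits on a shared or guest network using this prefix, that trust goes to hosts the operator never chose. I would ship loopback only, `mynetworks = 127.0.0.1/32`, with a comment above it such as `# add your own LAN here (e.g. 192.168.1.0/24) only if those hosts may relay`.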
@@ -35,4 +36,66 @@ debug_peer_level = 2
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
+
+smtpd_data_restrictions =
+ permit_mynetworks,
+ reject_unauth_pipelining,
+ permit
+
+smtpd_client_restrictions =
+ permit_mynetworks,
+ # reject_unknown_client, # This can cause a lot of false rejects.
+ reject_invalid_hostname,
+ reject_rbl_client list.dsbl.org,
+ reject_rbl_client sbl.spamhaus.org,
+ reject_rbl_client cbl.abuseat.org,
+ reject_rbl_client dul.dnsbl.sorbs.net,
+ permit
+
+smtpd_helo_required = yes
+smtpd_helo_restrictions =
+ permit_mynetworks,
+ reject_unauth_pipelining,
+ # reject_non_fqdn_hostname, # This can cause a lot of false rejects.
+ # reject_unknown_hostname, # This can cause a lot of false rejects.
+ reject_invalid_hostname,
+ permit
+
+smtpd_sender_restrictions =
+ permit_mynetworks,
+ reject_non_fqdn_sender,
+ # check_sender_access hash:/etc/postfix/access_domains,
+ reject_unknown_sender_domain,
+ permit
+
+smtpd_recipient_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ reject_unauth_destination,
+
+ # check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
+ # check_helo_access pcre:/etc/postfix/helo_checks.pcre,
+
+ # check_client_access hash:/etc/postfix/maps/access_client,
+ # check_client_access hash:/etc/postfix/maps/exceptions_client,
+ # check_helo_access hash:/etc/postfix/maps/access_helo,
+ # check_helo_access hash:/etc/postfix/maps/verify_helo,
+ # check_sender_access hash:/etc/postfix/maps/access_sender,
+ # check_sender_access hash:/etc/postfix/maps/verify_sender,
+ # check_recipient_access hash:/etc/postfix/maps/access_recipient,
+
+ # reject_multi_recipient_bounce,
+ reject_non_fqdn_recipient,
+ reject_unknown_recipient_domain,
+ # reject_unlisted_recipient,
+ #check_policy_service unix:private/policy,
+
+ # check_sender_access hash:/etc/postfix/maps/no_verify_sender,
+ # check_sender_access hash:/etc/postfix/access_domains,
+ # reject_unverified_sender,
+ # reject_unverified_recipient
+ check_recipient_access hash:/etc/postfix/internal_recipient
+
+disable_vrfy_command = yes
+
EOF
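Review bot: `smtpd_client_restrictions` enables four third-party DNSBLs (`list.dsbl.org`, `sbl.spamhaus.org`, `cbl.abuseat.org`, `dul.dnsbl.sorbs.net`) in a packaged default, which puts external DNS zones on the accept path of every install. If one of those zones is retired or changes its answers, legitimate mail can be rejected with nothing in this file hinting at why. I would either ship the `reject_rbl_client` lines commented out like the other optional checks, or put a comment above them, e.g. `# External blocklists: check each list's policy and availability before enabling`. The heredoc this hunk extends starts outside the hunk.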
diff --git a/packages/postfix/files/volatiles b/packages/postfix/files/volatiles
index cb111cd4c0..bc330c99bd 100644
--- a/packages/postfix/files/volatiles
+++ b/packages/postfix/files/volatiles
@@ -1,15 +1,15 @@
-d postfix nogroup 2755 /var/spool/mail
-d root postfix 0755 /var/spool/postfix
-d postfix root 0700 /var/spool/postfix/active
-d postfix root 0700 /var/spool/postfix/bounce
-d postfix root 0700 /var/spool/postfix/corrupt
-d postfix root 0700 /var/spool/postfix/defer
-d postfix root 0700 /var/spool/postfix/deferred
-d postfix root 0700 /var/spool/postfix/flush
-d postfix root 0700 /var/spool/postfix/hold
-d postfix root 0700 /var/spool/postfix/incoming
-d postfix postdrop 0730 /var/spool/postfix/maildrop
-d root root 0755 /var/spool/postfix/pid
-d postfix root 0700 /var/spool/postfix/private
-d postfix postdrop 0710 /var/spool/postfix/public
-d root root 0755 /var/spool/vmail
+d postfix nogroup 2755 /var/spool/mail none
+d root postfix 0755 /var/spool/postfix none
+d postfix root 0700 /var/spool/postfix/active none
+d postfix root 0700 /var/spool/postfix/bounce none
+d postfix root 0700 /var/spool/postfix/corrupt none
+d postfix root 0700 /var/spool/postfix/defer none
+d postfix root 0700 /var/spool/postfix/deferred none
+d postfix root 0700 /var/spool/postfix/flush none
+d postfix root 0700 /var/spool/postfix/hold none
+d postfix root 0700 /var/spool/postfix/incoming none
+d postfix postdrop 0730 /var/spool/postfix/maildrop none
+d root root 0755 /var/spool/postfix/pid none
+d postfix root 0700 /var/spool/postfix/private none
+d postfix postdrop 0710 /var/spool/postfix/public none
+d root root 0755 /var/spool/vmail none
diff --git a/packages/postfix/postfix_2.0.20.bb b/packages/postfix/postfix_2.0.20.bb
index 117fd2fc61..280f073333 100644
--- a/packages/postfix/postfix_2.0.20.bb
+++ b/packages/postfix/postfix_2.0.20.bb
@@ -1,7 +1,7 @@
SECTION = "console/network"
DEPENDS = "virtual/db libpcre postfix-native"
LICENSE = "IPL"
-PR = "r10"
+PR = "r11"
SRC_URI = "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV}.tar.gz \
file://${FILESDIR}/makedefs.patch;patch=1 \
@@ -9,6 +9,7 @@ SRC_URI = "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV
file://main.cf_2.0 \
file://volatiles \
file://postfix \
+ file://internal_recipient \
"
S = "${WORKDIR}/postfix-${PV}"
@@ -47,6 +48,7 @@ do_install () {
install -m 755 ${WORKDIR}/main.cf_2.0 ${D}${localstatedir}/tmp/main_cf.sh
install -m 644 ${WORKDIR}/volatiles ${D}${sysconfdir}/default/volatiles/01_postfix
install -m 755 ${WORKDIR}/postfix ${D}${sysconfdir}/init.d/postfix
+ install -m 644 ${WORKDIR}/internal_recipient ${D}${sysconfdir}/postfix/internal_recipient
mv ${D}${sbindir}/sendmail ${D}${sbindir}/sendmail.${PN}
}
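Review bot: Only the text form of the table is installed here, but main.cf_2.0 references it as `hash:/etc/postfix/internal_recipient`, which Postfix reads from the indexed `internal_recipient.db`. Nothing in the visible hunks runs `postmap`, so unless the init script or a postinst outside this diff builds the map, the recipient lookup will fail at runtime and mail acceptance is likely to break rather than apply the intended rule. Wherever the existing `hash:/etc/postfix/virtual` map is built on the target, add `postmap /etc/postfix/internal_recipient` next to it. `do_install` begins before this hunk.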