summaryrefslogtreecommitdiff
path: root/puppet/modules/site_postfix
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2013-08-28 16:37:49 +0200
committervarac <varacanero@zeromail.org>2013-08-28 16:38:46 +0200
commitf52d2e77f3b3f0c478fcaa192e02683d7508a728 (patch)
treec4ac304847a6bcaed63f9790e8842ff36780937f /puppet/modules/site_postfix
parentb093daf38d1bf33170382349ae8326e800ed70cd (diff)
SMTP checks (Feature #2304)
Diffstat (limited to 'puppet/modules/site_postfix')
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp2
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp11
2 files changed, 10 insertions, 3 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 7e2082d9..53dd9be4 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -11,8 +11,6 @@ class site_postfix::mx {
postfix::config {
'mydestination':
value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}";
- 'smtpd_recipient_restrictions':
- value => 'check_recipient_access tcp:localhost:2244,permit_tls_all_clientcerts,reject_unauth_destination';
'mailbox_size_limit': value => '0';
'home_mailbox': value => 'Maildir/';
'virtual_alias_maps': value => 'tcp:localhost:4242';
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index b2f2d7c2..bda666f8 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -1,9 +1,18 @@
class site_postfix::mx::smtpd_checks {
postfix::config {
- 'smtpd_delay_reject': value => 'yes';
+ 'smtpd_client_restrictions':
+ value => 'permit_mynetworks,permit';
'smtpd_data_restrictions':
value => 'permit_mynetworks, reject_unauth_pipelining, permit';
+ 'smtpd_delay_reject':
+ value => 'yes';
+ 'smtpd_helo_restrictions':
+ value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit';
+ 'smtpd_recipient_restrictions':
+ value => 'reject_unknown_recipient_domain, permit_mynetworks, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
+ 'smtpd_sender_restrictions':
+ value => 'check_sender_access tcp:localhost:2244, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
}
}