From f52d2e77f3b3f0c478fcaa192e02683d7508a728 Mon Sep 17 00:00:00 2001
From: varac
Date: Wed, 28 Aug 2013 16:37:49 +0200
Subject: SMTP checks (Feature #2304)
---
 puppet/modules/site_postfix/manifests/mx.pp | 2 --
 puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 11 ++++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)
(limited to 'puppet/modules/site_postfix')
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 7e2082d9..53dd9be4 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -11,8 +11,6 @@ class site_postfix::mx {
 postfix::config {
 'mydestination': value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}";
- 'smtpd_recipient_restrictions':
- value => 'check_recipient_access tcp:localhost:2244,permit_tls_all_clientcerts,reject_unauth_destination';
 'mailbox_size_limit': value => '0';
 'home_mailbox': value => 'Maildir/';
 'virtual_alias_maps': value => 'tcp:localhost:4242';
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index b2f2d7c2..bda666f8 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -1,9 +1,18 @@
 class site_postfix::mx::smtpd_checks {
 postfix::config {
- 'smtpd_delay_reject': value => 'yes';
+ 'smtpd_client_restrictions':
+ value => 'permit_mynetworks,permit';
 'smtpd_data_restrictions': value => 'permit_mynetworks, reject_unauth_pipelining, permit';
+ 'smtpd_delay_reject':
+ value => 'yes';
+ 'smtpd_helo_restrictions':
+ value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit';
+ 'smtpd_recipient_restrictions':
+ value => 'reject_unknown_recipient_domain, permit_mynetworks, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
+ 'smtpd_sender_restrictions':
+ value => 'check_sender_access tcp:localhost:2244, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
 }
 }
-- 
cgit v1.2.3
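Review bot: The new `smtpd_helo_restrictions` entry only applies to clients that actually send HELO/EHLO; nothing in this hunk sets `smtpd_helo_required`, whose Postfix default is `no`, so a client can skip the greeting and never reach `reject_invalid_helo_hostname` or `reject_non_fqdn_helo_hostname`. Unless it is already set elsewhere in the module, add `'smtpd_helo_required': value => 'yes';` next to it. Separately, the relocated `smtpd_recipient_restrictions` no longer contains `permit_tls_all_clientcerts` (removed from mx.pp in this same commit), so clients that were allowed to relay on the strength of a client certificate will now fall through to `reject_unauth_destination`; if that is intended, a comment above the entry saying so would help. `check_recipient_access tcp:localhost:2244` still sits ahead of `reject_unauth_destination`, so the list stays relay-safe only as long as that lookup never answers OK for a non-local recipient, which is worth stating in a comment as well.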