From 58f42a7913625afda9550ce99328af9e8ede2df7 Mon Sep 17 00:00:00 2001
From: Jon Lockwood
Date: Fri, 18 Feb 2022 11:58:59 +0930
Subject: [PATCH] feat(postfix): Enforce SMTPD sender restrictions Default is to accept all mail from sender after filtering. smtpd_sender_restrictions rules and order are as follows: 1. permit_mynetworks permit my network (localhost). Placed first as sometimes the sender will not be a FQDN sender. (i.e. cron) 2. reject_non_fqdn_sender bounce mail where sender not in format of FQDN. 3. reject Reject all remaining senders MR !7
---
 dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/dockerfile b/dockerfile
index c3adde7..0666c58 100644
--- a/dockerfile
+++ b/dockerfile
@@ -197,6 +197,8 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \
 && postconf -e "smtpd_client_restrictions=reject_unauth_destination,reject_unauth_pipelining,permit_mynetworks,permit_auth_destination,reject" \
 # HELO/EHLO restrictions
 && postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit" \
+ # MAIL FROM restrictions
+ && postconf -e "smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,permit" \
 EXPOSE 25 587 993 4190
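Review bot: The added `smtpd_sender_restrictions` list ends in `permit`, while the commit description lists `reject` as rule 3; the two should be reconciled, bearing in mind that a terminal `reject` would refuse every sender outside mynetworks. With `permit` last, `reject_non_fqdn_sender` is the only filter applied to remote clients, and it is a syntax check: any MAIL FROM in fully qualified form is accepted, including sender domains that do not resolve. If accepting remote senders is the intent, consider adding `reject_unknown_sender_domain` ahead of the final `permit`, i.e. `smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,permit`, and recording the ordering rationale in the file with a comment such as `# permit_mynetworks first: local senders (e.g. cron) may not use an FQDN`. The enclosing RUN instruction starts above the hunk, and the new line keeps a trailing `\` immediately before `EXPOSE` as far as this hunk shows, which is worth checking against the full file so the continuation does not run into the next instruction.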