docker/docker-mail
1
0
Fork 0
Code Issues 4 Pull Requests Actions Projects Releases 6 Wiki Activity

feat(postfix): Enforce SMTPD sender restrictions

Browse Source 
Default is to accept all mail from sender after filtering.

smtpd_sender_restrictions rules and order are as follows:
    1. permit_mynetworks
        permit my network (localhost). Placed first as sometimes the
        sender will not be a FQDN sender. (i.e. cron)
    2. reject_non_fqdn_sender
        bounce mail where sender not in format of FQDN.
    3. reject
        Reject all remaining senders

MR !7
This commit is contained in:
Jon Lockwood
2022-02-18 11:58:59 +09:30
parent 8c68163e9d
commit 58f42a7913
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dockerfile
View File

@ -197,6 +197,8 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \
&& postconf -e "smtpd_client_restrictions=reject_unauth_destination,reject_unauth_pipelining,permit_mynetworks,permit_auth_destination,reject" \ && postconf -e "smtpd_client_restrictions=reject_unauth_destination,reject_unauth_pipelining,permit_mynetworks,permit_auth_destination,reject" \
# HELO/EHLO restrictions # HELO/EHLO restrictions
&& postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit" \ && postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit" \
# MAIL FROM restrictions
&& postconf -e "smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,permit" \
EXPOSE 25 587 993 4190 EXPOSE 25 587 993 4190