docker/docker-mail
1
0
Fork 0
Code Issues 4 Pull Requests Actions Projects Releases 6 Wiki Activity

feat(postfix): introduce smtpd helo restrictions

Browse Source 
Default is permit.
Rule order as follows:
    1. permit_mynetworks
        My network (localhost) is exempt from restriction
    2. reject_invalid_helo_hostname
        Don't allow a connection from an invalid host.
    3. permit
        Allow the remaining hosts not booted.

MR !7
This commit is contained in:
Jon Lockwood
2022-02-18 11:45:43 +09:30
parent 64258f2cd8
commit 8c68163e9d
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dockerfile
View File

@ -195,6 +195,8 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \
# Connection defaults to reject where possible/advised # Connection defaults to reject where possible/advised
# Client command restrictions # Client command restrictions
&& postconf -e "smtpd_client_restrictions=reject_unauth_destination,reject_unauth_pipelining,permit_mynetworks,permit_auth_destination,reject" \ && postconf -e "smtpd_client_restrictions=reject_unauth_destination,reject_unauth_pipelining,permit_mynetworks,permit_auth_destination,reject" \
# HELO/EHLO restrictions
&& postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit" \
EXPOSE 25 587 993 4190 EXPOSE 25 587 993 4190