docker/docker-mail
1
0
Fork 0
Code Issues 4 Pull Requests Actions Projects Releases 6 Wiki Activity

feat(postfix): enforce only reaying mail for auth destination

Browse Source 
Mail server should only relay mail for domains and users it hosts. default is to reject.

Rules and order as follows:
    1. reject_non_fqdn_recipient
        Require the recipient to be in FQDN format for relaying
        and routing reasons including locating user.
    2. permit_auth_destination
        Only accept mail to be routed if authorized.
    3. reject
        Don't accept any further mail for relaying.

MR !7
This commit is contained in:
Jon Lockwood
2022-02-18 12:16:06 +09:30
parent 1b168f07d5
commit f90daea454
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dockerfile
View File

@ -199,6 +199,8 @@ RUN postconf -e "maillog_file=/var/log/postfix.log" \
&& postconf -e "smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,permit" \ && postconf -e "smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,permit" \
# RCPT TO restrictions # RCPT TO restrictions
&& postconf -e "smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,check_policy_service,unix:private/policyd-spf,check_policy_service unix:private/quota,permit_auth_destination,reject" \ && postconf -e "smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,check_policy_service,unix:private/policyd-spf,check_policy_service unix:private/quota,permit_auth_destination,reject" \
# RCPT TO restrictions
&& postconf -e "smtpd_relay_restrictions=reject_non_fqdn_recipient,permit_auth_destination,reject" \
EXPOSE 25 587 993 4190 EXPOSE 25 587 993 4190