|
|
@ -51,20 +51,34 @@ smtpd_sasl_type = dovecot |
|
|
|
smtpd_sasl_path = private/auth |
|
|
|
# and the common settings to enable SASL: |
|
|
|
smtpd_sasl_auth_enable = yes |
|
|
|
|
|
|
|
### Security ### |
|
|
|
# these settings apply to BOTH authenticated and unauthenticated mail |
|
|
|
# for security settings for only authenticated mail, use options in master.cf |
|
|
|
smtpd_delay_reject = yes |
|
|
|
smtpd_helo_required = yes |
|
|
|
# reject hosts with malformed identifiers |
|
|
|
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_reverse_client_hostname |
|
|
|
# reject hosts with malformed HELO identifiers |
|
|
|
smtpd_helo_restrictions = |
|
|
|
permit_mynetworks, |
|
|
|
permit_sasl_authenticated, |
|
|
|
reject_invalid_helo_hostname, |
|
|
|
reject_non_fqdn_helo_hostname, |
|
|
|
reject_unknown_helo_hostname |
|
|
|
# reject hosts that improperly use SMTP commands |
|
|
|
smtpd_data_restrictions = reject_unauth_pipelining |
|
|
|
# reject unauthorized relay attempts |
|
|
|
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination |
|
|
|
# reject mail from IPs listed in spam list |
|
|
|
smtpd_recipient_restrictions = |
|
|
|
# reject blacklisted addresses |
|
|
|
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/deny, permit |
|
|
|
# reject hosts that are likely to be spammers |
|
|
|
smtpd_client_restrictions = |
|
|
|
permit_mynetworks, |
|
|
|
permit_sasl_authenticated, |
|
|
|
reject_unknown_client_hostname, |
|
|
|
# weaker version of reject_unknown_client_hostname |
|
|
|
# the strong version may cause problems with some legitimate senders (eg, Verizon) |
|
|
|
# reject_unknown_reverse_client_hostname, |
|
|
|
# reject clients from lists of known spammers |
|
|
|
# reject_rbl_client zen.spamhaus.org, |
|
|
|
# reject_rhsbl_reverse_client dbl.spamhaus.org, |
|
|
|
# reject_rhsbl_helo dbl.spamhaus.org, |
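Review bot: In the new `smtpd_client_restrictions` list the active check is `reject_unknown_client_hostname`, yet the comment right under it says the strong version may cause problems with some legitimate senders, and the weaker `reject_unknown_reverse_client_hostname,` is the entry left commented out, so the comment and the effective policy disagree. If the weaker check is what is intended, enable `reject_unknown_reverse_client_hostname,` and comment out the strong one; otherwise reword the comment to say the strict check was chosen deliberately. The same caution applies to `reject_unknown_helo_hostname` in the HELO list, which depends on a DNS lookup of the HELO name and can turn away misconfigured but legitimate servers. Separately, `check_recipient_access hash:/etc/postfix/deny` relies on an indexed map that this hunk does not show being built (`postmap /etc/postfix/deny`); this is worth confirming, since an unavailable table makes smtpd answer recipients with a temporary error. The rendered page has lost leading whitespace, so it cannot be confirmed here that the list entries are indented as continuation lines.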
|
|
|