summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-12-11 13:14:19 +0000
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-12-11 13:14:19 +0000
commit9152aecc7c9a9ce98a0e0854002ef7d086fac26e (patch)
treee8ad1b938f30ec0803771e0ae56624945a2feb35
parent5e895296887b134ca3d809a612ceccdc31795f78 (diff)
downloadpykolab-9152aecc7c9a9ce98a0e0854002ef7d086fac26e.tar.gz
Secure the SMTP server further, by verifying the envelope sender is either not locally hosted, or authenticated
-rw-r--r--pykolab/setup/setup_mta.py3
1 files changed, 3 insertions, 0 deletions
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 5c66f19..c02b024 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -198,6 +198,9 @@ result_attribute = mail
"transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf",
"virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
"smtpd_tls_auth_only": "yes",
+ "smtpd_sasl_auth_enable": "yes",
+ "smtpd_sender_login_maps": "$relay_recipient_maps",
+ "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch",
"smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
"smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
"submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",