diff options
| author | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2012-12-11 13:14:19 +0000 |
|---|---|---|
| committer | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2012-12-11 13:14:19 +0000 |
| commit | 9152aecc7c9a9ce98a0e0854002ef7d086fac26e (patch) | |
| tree | e8ad1b938f30ec0803771e0ae56624945a2feb35 | |
| parent | 5e895296887b134ca3d809a612ceccdc31795f78 (diff) | |
| download | pykolab-9152aecc7c9a9ce98a0e0854002ef7d086fac26e.tar.gz | |
Secure the SMTP server further, by verifying the envelope sender is either not locally hosted, or authenticated
| -rw-r--r-- | pykolab/setup/setup_mta.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py index 5c66f19..c02b024 100644 --- a/pykolab/setup/setup_mta.py +++ b/pykolab/setup/setup_mta.py @@ -198,6 +198,9 @@ result_attribute = mail "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf", "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf", "smtpd_tls_auth_only": "yes", + "smtpd_sasl_auth_enable": "yes", + "smtpd_sender_login_maps": "$relay_recipient_maps", + "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch", "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit", "smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming", "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject", |