From 9152aecc7c9a9ce98a0e0854002ef7d086fac26e Mon Sep 17 00:00:00 2001
From: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com>
Date: Tue, 11 Dec 2012 13:14:19 +0000
Subject: Secure the SMTP server further, by verifying the envelope sender is
 either not locally hosted, or authenticated

---
 pykolab/setup/setup_mta.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 5c66f19..c02b024 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -198,6 +198,9 @@ result_attribute = mail
             "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf",
             "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
             "smtpd_tls_auth_only": "yes",
+            "smtpd_sasl_auth_enable": "yes",
+            "smtpd_sender_login_maps": "$relay_recipient_maps",
+            "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch",
             "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
             "smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming",
             "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
-- 
cgit v1.1