[oe-commits] org.oe.dev postfix: Updating and improving configuration. This should cut off about 75% typical spamload before it enters the system.

ccsmart commit openembedded-commits at lists.openembedded.org
Tue Jan 16 21:33:33 UTC 2007 

postfix: Updating and improving configuration. This should cut off about 75% typical spamload before it enters the system.

Author: ccsmart at openembedded.org
Branch: org.openembedded.dev
Revision: 2e4ab999a65b7242514fc2d74657a1bbb3dbfea4
ViewMTN: http://monotone.openembedded.org/revision.psp?id=2e4ab999a65b7242514fc2d74657a1bbb3dbfea4
Files:
1
packages/postfix/files/internal_recipient
packages/postfix/files/main.cf_2.0
packages/postfix/files/volatiles
packages/postfix/postfix_2.0.20.bb
Diffs:

#
# mt diff -r583d8b399debcd4992b15c5904b5494cc1a4c5bb -r2e4ab999a65b7242514fc2d74657a1bbb3dbfea4
#
# 
# 
# add_file "packages/postfix/files/internal_recipient"
#  content [c661331a4eb42b94cadefcf3d2d5bb17132c4f75]
# 
# patch "packages/postfix/files/main.cf_2.0"
#  from [59ac958e469e0e18410ebe7d7e1f223d774997ab]
#    to [e59c343e302312859d49ce6084d17c900327d405]
# 
# patch "packages/postfix/files/volatiles"
#  from [c4361eb3a533f99b952f6401689d35a40388a868]
#    to [9a719aa8a8f2301f5570a23f059c3c6e2b6f6d0d]
# 
# patch "packages/postfix/postfix_2.0.20.bb"
#  from [33ecf763a0ee19ddf20bc2ccc9e4058ede794487]
#    to [28a80079bbf7d94882e25cdb1989063b4d77190f]
# 
============================================================
--- packages/postfix/files/internal_recipient	c661331a4eb42b94cadefcf3d2d5bb17132c4f75
+++ packages/postfix/files/internal_recipient	c661331a4eb42b94cadefcf3d2d5bb17132c4f75
@@ -0,0 +1,2 @@
+root@   permit_mynetworks,reject
+
============================================================
--- packages/postfix/files/main.cf_2.0	59ac958e469e0e18410ebe7d7e1f223d774997ab
+++ packages/postfix/files/main.cf_2.0	e59c343e302312859d49ce6084d17c900327d405
@@ -1,7 +1,8 @@ mydomain=sample.com
 #!/bin/sh
 cat <<EOF
 # Configure your domain and accounts
 mydomain=sample.com
+mynetworks = 127.0.0.1/32 192.168.1.0/24
 
 virtual_mailbox_domains = sample.com, other.net
 virtual_mailbox_maps = hash:/etc/postfix/virtual
@@ -35,4 +36,66 @@ mailq_path = /usr/bin/mailq
 sendmail_path = /usr/sbin/sendmail
 newaliases_path = /usr/bin/newaliases
 mailq_path = /usr/bin/mailq
+
+smtpd_data_restrictions =
+        permit_mynetworks,
+        reject_unauth_pipelining,
+        permit
+
+smtpd_client_restrictions =
+        permit_mynetworks,
+        # reject_unknown_client, # This can cause a lot of false rejects.
+        reject_invalid_hostname,
+        reject_rbl_client list.dsbl.org,
+        reject_rbl_client sbl.spamhaus.org,
+        reject_rbl_client cbl.abuseat.org,
+        reject_rbl_client dul.dnsbl.sorbs.net,
+        permit
+
+smtpd_helo_required = yes
+smtpd_helo_restrictions =
+        permit_mynetworks,
+        reject_unauth_pipelining,
+        # reject_non_fqdn_hostname, # This can cause a lot of false rejects.
+        # reject_unknown_hostname, # This can cause a lot of false rejects.
+        reject_invalid_hostname,
+        permit
+
+smtpd_sender_restrictions =
+        permit_mynetworks,
+        reject_non_fqdn_sender,
+        # check_sender_access hash:/etc/postfix/access_domains,
+        reject_unknown_sender_domain,
+        permit
+
+smtpd_recipient_restrictions =
+        permit_mynetworks,
+        permit_sasl_authenticated,
+        reject_unauth_destination,
+
+        # check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
+        # check_helo_access pcre:/etc/postfix/helo_checks.pcre,
+
+        # check_client_access hash:/etc/postfix/maps/access_client,
+        # check_client_access hash:/etc/postfix/maps/exceptions_client,
+        # check_helo_access hash:/etc/postfix/maps/access_helo,
+        # check_helo_access hash:/etc/postfix/maps/verify_helo,
+        # check_sender_access hash:/etc/postfix/maps/access_sender,
+        # check_sender_access hash:/etc/postfix/maps/verify_sender,
+        # check_recipient_access hash:/etc/postfix/maps/access_recipient,
+
+        # reject_multi_recipient_bounce,
+        reject_non_fqdn_recipient,
+        reject_unknown_recipient_domain,
+        # reject_unlisted_recipient,
+        #check_policy_service unix:private/policy,
+
+        # check_sender_access hash:/etc/postfix/maps/no_verify_sender,
+        # check_sender_access hash:/etc/postfix/access_domains,
+        # reject_unverified_sender,
+        # reject_unverified_recipient
+        check_recipient_access hash:/etc/postfix/internal_recipient
+
+disable_vrfy_command = yes
+
 EOF
============================================================
--- packages/postfix/files/volatiles	c4361eb3a533f99b952f6401689d35a40388a868
+++ packages/postfix/files/volatiles	9a719aa8a8f2301f5570a23f059c3c6e2b6f6d0d
@@ -1,15 +1,15 @@
-d postfix nogroup 2755 /var/spool/mail
-d root postfix 0755 /var/spool/postfix
-d postfix root 0700 /var/spool/postfix/active
-d postfix root 0700 /var/spool/postfix/bounce
-d postfix root 0700 /var/spool/postfix/corrupt
-d postfix root 0700 /var/spool/postfix/defer
-d postfix root 0700 /var/spool/postfix/deferred
-d postfix root 0700 /var/spool/postfix/flush
-d postfix root 0700 /var/spool/postfix/hold
-d postfix root 0700 /var/spool/postfix/incoming
-d postfix postdrop 0730 /var/spool/postfix/maildrop
-d root root 0755 /var/spool/postfix/pid
-d postfix root 0700 /var/spool/postfix/private
-d postfix postdrop 0710 /var/spool/postfix/public
-d root root 0755 /var/spool/vmail
+d postfix nogroup 2755 /var/spool/mail none
+d root postfix 0755 /var/spool/postfix none
+d postfix root 0700 /var/spool/postfix/active none
+d postfix root 0700 /var/spool/postfix/bounce none
+d postfix root 0700 /var/spool/postfix/corrupt none
+d postfix root 0700 /var/spool/postfix/defer none
+d postfix root 0700 /var/spool/postfix/deferred none
+d postfix root 0700 /var/spool/postfix/flush none
+d postfix root 0700 /var/spool/postfix/hold none
+d postfix root 0700 /var/spool/postfix/incoming none
+d postfix postdrop 0730 /var/spool/postfix/maildrop none
+d root root 0755 /var/spool/postfix/pid none
+d postfix root 0700 /var/spool/postfix/private none
+d postfix postdrop 0710 /var/spool/postfix/public none
+d root root 0755 /var/spool/vmail none
============================================================
--- packages/postfix/postfix_2.0.20.bb	33ecf763a0ee19ddf20bc2ccc9e4058ede794487
+++ packages/postfix/postfix_2.0.20.bb	28a80079bbf7d94882e25cdb1989063b4d77190f
@@ -1,7 +1,7 @@ LICENSE = "IPL"
 SECTION = "console/network"
 DEPENDS = "virtual/db libpcre postfix-native"
 LICENSE = "IPL"
-PR = "r10"
+PR = "r11"
 
 SRC_URI = "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${PV}.tar.gz \
 	   file://${FILESDIR}/makedefs.patch;patch=1 \
@@ -9,6 +9,7 @@ SRC_URI = "ftp://ftp.porcupine.org/mirro
 	   file://main.cf_2.0 \
 	   file://volatiles \
 	   file://postfix \
+	   file://internal_recipient \
 	   "
 
 S = "${WORKDIR}/postfix-${PV}"
@@ -47,6 +48,7 @@ do_install () {
 	install -m 755 ${WORKDIR}/main.cf_2.0 ${D}${localstatedir}/tmp/main_cf.sh
         install -m 644 ${WORKDIR}/volatiles ${D}${sysconfdir}/default/volatiles/01_postfix
         install -m 755 ${WORKDIR}/postfix ${D}${sysconfdir}/init.d/postfix
+        install -m 644 ${WORKDIR}/internal_recipient ${D}${sysconfdir}/postfix/internal_recipient
 	mv ${D}${sbindir}/sendmail ${D}${sbindir}/sendmail.${PN}
 }

More information about the Openembedded-commits mailing list