From 52524b595fc736f0cee9d403740fffcb174833a5 Mon Sep 17 00:00:00 2001 From: niten Date: Wed, 27 Sep 2023 17:28:50 -0700 Subject: [PATCH] Don't be so strict with clients --- postfix.nix | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/postfix.nix b/postfix.nix index 241dbc1..4f3668d 100644 --- a/postfix.nix +++ b/postfix.nix @@ -270,7 +270,7 @@ in { client-restrictions = [ "permit_sasl_authenticated" "permit_mynetworks" "reject" ]; - helo-restrictions = [ + incoming-helo-restrictions = [ "permit_mynetworks" "reject_invalid_hostname" "reject_non_fqdn_helo_hostname" @@ -278,6 +278,13 @@ in { ] ++ (map (blacklist: "reject_rbl_client ${blacklist}") cfg.blacklist.dns) ++ [ "permit" ]; + outgoing-helo-restrictions = [ + "permit_mynetworks" + "reject_invalid_hostname" + "reject_unknown_helo_hostname" + "permit" + ]; + makeRestrictionsString = lst: concatStringsSep "," (map (replaceStrings [ " " ] [ "," ]) lst); @@ -397,7 +404,7 @@ in { smtpd_recipient_restrictions = recipient-restrictions; - smtpd_helo_restrictions = helo-restrictions; + smtpd_helo_restrictions = incoming-helo-restrictions; # Handled by submission smtpd_tls_security_level = "may"; @@ -446,7 +453,8 @@ in { smtpd_sasl_path = "/run/dovecot2/auth"; smtpd_sasl_security_options = "noanonymous"; smtpd_sasl_local_domain = cfg.domain; - smtpd_helo_restrictions = makeRestrictionsString helo-restrictions; + smtpd_helo_restrictions = + makeRestrictionsString outgoing-helo-restrictions; smtpd_client_restrictions = makeRestrictionsString client-restrictions; smtpd_sender_restrictions = @@ -465,7 +473,8 @@ in { smtpd_sasl_path = "/run/dovecot2/auth"; smtpd_sasl_security_options = "noanonymous"; smtpd_sasl_local_domain = cfg.domain; - smtpd_helo_restrictions = makeRestrictionsString helo-restrictions; + smtpd_helo_restrictions = + makeRestrictionsString outgoing-helo-restrictions; smtpd_client_restrictions = makeRestrictionsString client-restrictions; smtpd_sender_restrictions =