public
/
mail-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't be so strict with clients

This commit is contained in:
niten 2023-09-27 17:28:50 -07:00
parent 713aa646e5
commit 52524b595f
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
postfix.nix
View File

@ -270,7 +270,7 @@ in {
client-restrictions = client-restrictions =
[ "permit_sasl_authenticated" "permit_mynetworks" "reject" ]; [ "permit_sasl_authenticated" "permit_mynetworks" "reject" ];
helo-restrictions = [ incoming-helo-restrictions = [
"permit_mynetworks" "permit_mynetworks"
"reject_invalid_hostname" "reject_invalid_hostname"
"reject_non_fqdn_helo_hostname" "reject_non_fqdn_helo_hostname"
@ -278,6 +278,13 @@ in {
] ++ (map (blacklist: "reject_rbl_client ${blacklist}") ] ++ (map (blacklist: "reject_rbl_client ${blacklist}")
cfg.blacklist.dns) ++ [ "permit" ]; cfg.blacklist.dns) ++ [ "permit" ];
outgoing-helo-restrictions = [
"permit_mynetworks"
"reject_invalid_hostname"
"reject_unknown_helo_hostname"
"permit"
];
makeRestrictionsString = lst: makeRestrictionsString = lst:
concatStringsSep "," (map (replaceStrings [ " " ] [ "," ]) lst); concatStringsSep "," (map (replaceStrings [ " " ] [ "," ]) lst);
@ -397,7 +404,7 @@ in {
smtpd_recipient_restrictions = recipient-restrictions; smtpd_recipient_restrictions = recipient-restrictions;
smtpd_helo_restrictions = helo-restrictions; smtpd_helo_restrictions = incoming-helo-restrictions;
# Handled by submission # Handled by submission
smtpd_tls_security_level = "may"; smtpd_tls_security_level = "may";
@ -446,7 +453,8 @@ in {
smtpd_sasl_path = "/run/dovecot2/auth"; smtpd_sasl_path = "/run/dovecot2/auth";
smtpd_sasl_security_options = "noanonymous"; smtpd_sasl_security_options = "noanonymous";
smtpd_sasl_local_domain = cfg.domain; smtpd_sasl_local_domain = cfg.domain;
smtpd_helo_restrictions = makeRestrictionsString helo-restrictions; smtpd_helo_restrictions =
makeRestrictionsString outgoing-helo-restrictions;
smtpd_client_restrictions = smtpd_client_restrictions =
makeRestrictionsString client-restrictions; makeRestrictionsString client-restrictions;
smtpd_sender_restrictions = smtpd_sender_restrictions =
@ -465,7 +473,8 @@ in {
smtpd_sasl_path = "/run/dovecot2/auth"; smtpd_sasl_path = "/run/dovecot2/auth";
smtpd_sasl_security_options = "noanonymous"; smtpd_sasl_security_options = "noanonymous";
smtpd_sasl_local_domain = cfg.domain; smtpd_sasl_local_domain = cfg.domain;
smtpd_helo_restrictions = makeRestrictionsString helo-restrictions; smtpd_helo_restrictions =
makeRestrictionsString outgoing-helo-restrictions;
smtpd_client_restrictions = smtpd_client_restrictions =
makeRestrictionsString client-restrictions; makeRestrictionsString client-restrictions;
smtpd_sender_restrictions = smtpd_sender_restrictions =