Commit 0b5a40e5 authored by Hinrikus Wolf's avatar Hinrikus Wolf
Browse files

make postscreen optional (default is activated)

parent 3a61c9f3
...@@ -12,6 +12,8 @@ postfix_tls_key: /etc/ssl/private/privkey.pem ...@@ -12,6 +12,8 @@ postfix_tls_key: /etc/ssl/private/privkey.pem
postfix_tls_configuration: 'previous' postfix_tls_configuration: 'previous'
postfix_prefer_lmtp: false postfix_prefer_lmtp: false
postfix_enable_postscreen: true
postfix_enable_memcached: false postfix_enable_memcached: false
postfix_login_suffix: '' postfix_login_suffix: ''
postfix_dnsbl_sites: postfix_dnsbl_sites:
......
...@@ -32,7 +32,7 @@ smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre ...@@ -32,7 +32,7 @@ smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
smtpd_sasl_type = dovecot smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = smtpd_relay_restrictions =
permit_mynetworks permit_mynetworks
permit_sasl_authenticated permit_sasl_authenticated
defer_unauth_destination defer_unauth_destination
...@@ -78,11 +78,12 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp ...@@ -78,11 +78,12 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_gid_maps = static:5000 virtual_gid_maps = static:5000
{% endif %} {% endif %}
{% if postfix_enable_postscreen %}
postscreen_access_list = permit_mynetworks postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access.cidr cidr:/etc/postfix/postscreen_access.cidr
{% if postfix_enable_memcached %} {% if postfix_enable_memcached %}
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
{% else %} {% else %}
postscreen_cache_map = proxy:btree:/var/lib/postfix/postscreen_cache postscreen_cache_map = proxy:btree:/var/lib/postfix/postscreen_cache
{% endif %} {% endif %}
...@@ -97,7 +98,7 @@ postscreen_non_smtp_command_enable = yes ...@@ -97,7 +98,7 @@ postscreen_non_smtp_command_enable = yes
# postscreen_non_smtp_command_action = drop # postscreen_non_smtp_command_action = drop
postscreen_bare_newline_enable = yes postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = drop postscreen_bare_newline_action = drop
postscreen_dnsbl_action = enforce postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 2 postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -1 postscreen_dnsbl_whitelist_threshold = -1
...@@ -105,3 +106,4 @@ postscreen_dnsbl_sites = ...@@ -105,3 +106,4 @@ postscreen_dnsbl_sites =
{% for site in postfix_dnsbl_sites %} {% for site in postfix_dnsbl_sites %}
{{ site.name }}*{{ site.modifier|default(1) }} {{ site.name }}*{{ site.modifier|default(1) }}
{% endfor %} {% endfor %}
{% endif %}
...@@ -9,15 +9,18 @@ ...@@ -9,15 +9,18 @@
# (yes) (yes) (no) (never) (100) # (yes) (yes) (no) (never) (100)
# ========================================================================== # ==========================================================================
#smtp inet n - y - - smtpd {% if postfix_enable_postscreen %}
smtp inet n - y - 1 postscreen smtp inet n - y - 1 postscreen
{% else %}
smtp inet n - y - - smtpd
{% endif %}
smtpd pass - - y - - smtpd smtpd pass - - y - - smtpd
{% if postfix_content_filter %} {% if postfix_content_filter %}
-o content_filter={{ postfix_content_filter }} -o content_filter={{ postfix_content_filter }}
{% endif %} {% endif %}
dnsblog unix - - y - 0 dnsblog dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd submission inet n - y - - smtpd
-o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname -o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment