Commit 0b5a40e5 authored by Hinrikus Wolf's avatar Hinrikus Wolf

make postscreen optional (default is activated)

parent 3a61c9f3
......@@ -12,6 +12,8 @@ postfix_tls_key: /etc/ssl/private/privkey.pem
postfix_tls_configuration: 'previous'
postfix_prefer_lmtp: false
postfix_enable_postscreen: true
postfix_enable_memcached: false
postfix_login_suffix: ''
postfix_dnsbl_sites:
......
......@@ -32,7 +32,7 @@ smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions =
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
......@@ -78,11 +78,12 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_gid_maps = static:5000
{% endif %}
{% if postfix_enable_postscreen %}
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access.cidr
{% if postfix_enable_memcached %}
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
{% else %}
postscreen_cache_map = proxy:btree:/var/lib/postfix/postscreen_cache
{% endif %}
......@@ -97,7 +98,7 @@ postscreen_non_smtp_command_enable = yes
# postscreen_non_smtp_command_action = drop
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -1
......@@ -105,3 +106,4 @@ postscreen_dnsbl_sites =
{% for site in postfix_dnsbl_sites %}
{{ site.name }}*{{ site.modifier|default(1) }}
{% endfor %}
{% endif %}
......@@ -9,15 +9,18 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
#smtp inet n - y - - smtpd
{% if postfix_enable_postscreen %}
smtp inet n - y - 1 postscreen
{% else %}
smtp inet n - y - - smtpd
{% endif %}
smtpd pass - - y - - smtpd
{% if postfix_content_filter %}
-o content_filter={{ postfix_content_filter }}
{% endif %}
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
submission inet n - y - - smtpd
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment