diff options
-rw-r--r-- | README.md | 14 | ||||
-rw-r--r-- | postfix/aliases | 3 | ||||
-rw-r--r-- | postfix/insiders | 2 | ||||
-rw-r--r-- | postfix/main.cf | 5 | ||||
-rw-r--r-- | postfix/protected_destinations | 2 |
5 files changed, 19 insertions, 7 deletions
@@ -19,14 +19,16 @@ No POP3 because POP3 sucks ## Files ``` postfix -|- master.cf daemon instance specific, { smtpd, submission, submissions } -|- main.cf program specific, { smtp, smtpd } -|- aliases address aliases +|- master.cf daemon instance specific, { smtpd, submission, submissions } +|- main.cf program specific, { smtp, smtpd } +|- aliases address aliases +|- protected_destinations destionations only reachable by insiders +|- insiders insider addresses dovecot -|- dovecot.conf dovecot config +|- dovecot.conf dovecot config gnu-mailutils -|- mailutils.conf GNU mailutils config -|- .mailrc user specific mail options +|- mailutils.conf GNU mailutils config +|- .mailrc user specific mail options ``` ## Tested clients diff --git a/postfix/aliases b/postfix/aliases index cfde663..58e75cd 100644 --- a/postfix/aliases +++ b/postfix/aliases @@ -10,3 +10,6 @@ ftp: postmaster abuse: postmaster postmaster: arf20 + +announce: REDACTED + diff --git a/postfix/insiders b/postfix/insiders new file mode 100644 index 0000000..43bdefe --- /dev/null +++ b/postfix/insiders @@ -0,0 +1,2 @@ +arf20@arf20.com OK + diff --git a/postfix/main.cf b/postfix/main.cf index 3bb538f..7b71024 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -25,11 +25,14 @@ smtpd_relay_before_recipient_restrictions=no # restriction options # no client restrictions, allow all hosts to connect (for incoming mail) # allow incoming messages from unauthenticated servers -smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination +smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_destinations, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination # allow relaying mail only from ARFNET users smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination # only allow messages to be sent from arf20.com domain smtpd_sender_restrictions = reject_unknown_sender_domain +# restrict mailing lists to insiders +smtpd_restriction_classes = insiders_only +insiders_only = check_sender_access hash:/etc/postfix/insiders, reject # auth options smtpd_sasl_auth_enable=yes smtpd_sasl_type=dovecot diff --git a/postfix/protected_destinations b/postfix/protected_destinations new file mode 100644 index 0000000..e6e0720 --- /dev/null +++ b/postfix/protected_destinations @@ -0,0 +1,2 @@ +announce@arf20.com insiders_only + |