-rw-r--r--README.md14
-rw-r--r--postfix/aliases3
-rw-r--r--postfix/insiders2
-rw-r--r--postfix/main.cf5
-rw-r--r--postfix/protected_destinations2
5 files changed, 19 insertions, 7 deletions
diff --git a/README.md b/README.md
index bb07fa9..75b4d3a 100644
--- a/README.md
+++ b/README.md
@@ -19,14 +19,16 @@ No POP3 because POP3 sucks
## Files
```
postfix
-|- master.cf daemon instance specific, { smtpd, submission, submissions }
-|- main.cf program specific, { smtp, smtpd }
-|- aliases address aliases
+|- master.cf daemon instance specific, { smtpd, submission, submissions }
+|- main.cf program specific, { smtp, smtpd }
+|- aliases address aliases
+|- protected_destinations destionations only reachable by insiders
+|- insiders insider addresses
dovecot
-|- dovecot.conf dovecot config
+|- dovecot.conf dovecot config
gnu-mailutils
-|- mailutils.conf GNU mailutils config
-|- .mailrc user specific mail options
+|- mailutils.conf GNU mailutils config
+|- .mailrc user specific mail options
```
## Tested clients
diff --git a/postfix/aliases b/postfix/aliases
index cfde663..58e75cd 100644
--- a/postfix/aliases
+++ b/postfix/aliases
@@ -10,3 +10,6 @@ ftp: postmaster
abuse: postmaster
postmaster: arf20
+
+announce: REDACTED
+
diff --git a/postfix/insiders b/postfix/insiders
new file mode 100644
index 0000000..43bdefe
--- /dev/null
+++ b/postfix/insiders
@@ -0,0 +1,2 @@
+arf20@arf20.com OK
+
diff --git a/postfix/main.cf b/postfix/main.cf
index 3bb538f..7b71024 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -25,11 +25,14 @@ smtpd_relay_before_recipient_restrictions=no
# restriction options
# no client restrictions, allow all hosts to connect (for incoming mail)
# allow incoming messages from unauthenticated servers
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_destinations, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# allow relaying mail only from ARFNET users
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# only allow messages to be sent from arf20.com domain
smtpd_sender_restrictions = reject_unknown_sender_domain
+# restrict mailing lists to insiders
+smtpd_restriction_classes = insiders_only
+insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
# auth options
smtpd_sasl_auth_enable=yes
smtpd_sasl_type=dovecot
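Review bot: The `insiders_only` class decides on the envelope sender alone, and `check_recipient_access` sits ahead of `permit_sasl_authenticated` in `smtpd_recipient_restrictions`, so nothing requires the client to prove it owns the address listed in `insiders`. The MAIL FROM value is chosen by the client, which makes this a guard against accidental posting rather than an access control. If the list is meant to be restricted, tie the sender to a SASL login inside the class, e.g. `insiders_only = reject_sender_login_mismatch, check_sender_access hash:/etc/postfix/insiders, reject`. That relies on a `smtpd_sender_login_maps` table covering every insider address; none is visible in this hunk, so confirm whether one exists. If the weaker guarantee is intended, say so in the comment, for example `# envelope-sender check only, sender is not authenticated`.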
diff --git a/postfix/protected_destinations b/postfix/protected_destinations
new file mode 100644
index 0000000..e6e0720
--- /dev/null
+++ b/postfix/protected_destinations
@@ -0,0 +1,2 @@
+announce@arf20.com insiders_only
+
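Review bot: The only key is `announce@arf20.com`, while the `announce` entry added to postfix/aliases is a local alias and is presumably deliverable under every domain in `mydestination` (not visible in this diff). Mail addressed to the alias under another local domain or the machine's hostname would not match this key and would skip `insiders_only`. Either add one line per local domain or use the domain-independent form from access(5), `announce@ insiders_only`. Both new `hash:` tables also need `postmap` run after each edit, which is worth a comment in the file or a line in the README.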