From d7f8c76bab696ce88aba60841d523a3a719843e9 Mon Sep 17 00:00:00 2001
From: arf20 <aruizfernandez05@gmail.com>
Date: Sat, 30 Dec 2023 00:59:25 +0100
Subject: Mailing list

---
 README.md                      | 14 ++++++++------
 postfix/aliases                |  3 +++
 postfix/insiders               |  2 ++
 postfix/main.cf                |  5 ++++-
 postfix/protected_destinations |  2 ++
 5 files changed, 19 insertions(+), 7 deletions(-)
 create mode 100644 postfix/insiders
 create mode 100644 postfix/protected_destinations

diff --git a/README.md b/README.md
index bb07fa9..75b4d3a 100644
--- a/README.md
+++ b/README.md
@@ -19,14 +19,16 @@ No POP3 because POP3 sucks
 ## Files
 ```
 postfix     
-|- master.cf        daemon instance specific, { smtpd, submission, submissions }
-|- main.cf          program specific, { smtp, smtpd }
-|- aliases          address aliases
+|- master.cf              daemon instance specific, { smtpd, submission, submissions }
+|- main.cf                program specific, { smtp, smtpd }
+|- aliases                address aliases
+|- protected_destinations destionations only reachable by insiders
+|- insiders               insider addresses
 dovecot
-|- dovecot.conf     dovecot config
+|- dovecot.conf           dovecot config
 gnu-mailutils
-|- mailutils.conf   GNU mailutils config
-|- .mailrc          user specific mail options
+|- mailutils.conf         GNU mailutils config
+|- .mailrc                user specific mail options
 ```
 
 ## Tested clients
diff --git a/postfix/aliases b/postfix/aliases
index cfde663..58e75cd 100644
--- a/postfix/aliases
+++ b/postfix/aliases
@@ -10,3 +10,6 @@ ftp: postmaster
 abuse: postmaster
 
 postmaster: arf20
+
+announce: REDACTED
+
diff --git a/postfix/insiders b/postfix/insiders
new file mode 100644
index 0000000..43bdefe
--- /dev/null
+++ b/postfix/insiders
@@ -0,0 +1,2 @@
+arf20@arf20.com    OK
+
diff --git a/postfix/main.cf b/postfix/main.cf
index 3bb538f..7b71024 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -25,11 +25,14 @@ smtpd_relay_before_recipient_restrictions=no
 #   restriction options
 #     no client restrictions, allow all hosts to connect (for incoming mail)
 #     allow incoming messages from unauthenticated servers
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected_destinations, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 #     allow relaying mail only from ARFNET users
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 #     only allow messages to be sent from arf20.com domain
 smtpd_sender_restrictions = reject_unknown_sender_domain
+#   restrict mailing lists to insiders
+smtpd_restriction_classes = insiders_only
+insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
 #   auth options
 smtpd_sasl_auth_enable=yes
 smtpd_sasl_type=dovecot
diff --git a/postfix/protected_destinations b/postfix/protected_destinations
new file mode 100644
index 0000000..e6e0720
--- /dev/null
+++ b/postfix/protected_destinations
@@ -0,0 +1,2 @@
+announce@arf20.com    insiders_only
+
-- 
cgit v1.2.3