1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-25 07:47:05 +00:00

Add root@primary host alias

This commit is contained in:
github@kiekerjan.isdronken.nl 2021-04-28 09:23:27 +02:00
parent f60d0f4f1e
commit 1264fffb4b
3 changed files with 15 additions and 3 deletions

View File

@ -525,6 +525,9 @@ def get_required_aliases(env):
# The hostmaster alias is exposed in the DNS SOA for each zone. # The hostmaster alias is exposed in the DNS SOA for each zone.
aliases.add("hostmaster@" + env['PRIMARY_HOSTNAME']) aliases.add("hostmaster@" + env['PRIMARY_HOSTNAME'])
# Setup root alias
aliases.add("root@" + env['PRIMARY_HOSTNAME'])
# Get a list of domains we serve mail for, except ones for which the only # Get a list of domains we serve mail for, except ones for which the only
# email on that domain are the required aliases or a catch-all/domain-forwarder. # email on that domain are the required aliases or a catch-all/domain-forwarder.
real_mail_domains = get_mail_domains(env, real_mail_domains = get_mail_domains(env,

View File

@ -137,6 +137,14 @@ tools/editconf.py /etc/postfix/main.cf \
tls_preempt_cipherlist=no \ tls_preempt_cipherlist=no \
smtpd_tls_received_header=yes smtpd_tls_received_header=yes
# Add block_root_external to block mail send to root@PRIMARY_HOSTNAME. This mail address is only supposed to be used for local
# mail delivery (cron etc)
cat > /etc/postfix/block_root_external << EOF;
root@$PRIMARY_HOSTNAME REJECT
EOF
postmap /etc/postfix/block_root_external
# Prevent non-authenticated users from sending mail that requires being # Prevent non-authenticated users from sending mail that requires being
# relayed elsewhere. We don't want to be an "open relay". On outbound # relayed elsewhere. We don't want to be an "open relay". On outbound
# mail, require one of: # mail, require one of:
@ -144,9 +152,10 @@ tools/editconf.py /etc/postfix/main.cf \
# * `permit_sasl_authenticated`: Authenticated users (i.e. on port 587). # * `permit_sasl_authenticated`: Authenticated users (i.e. on port 587).
# * `permit_mynetworks`: Mail that originates locally. # * `permit_mynetworks`: Mail that originates locally.
# * `reject_unauth_destination`: No one else. (Permits mail whose destination is local and rejects other mail.) # * `reject_unauth_destination`: No one else. (Permits mail whose destination is local and rejects other mail.)
# * `block_root_external`: Block mail addressed at root@PRIMARY_HOSTNAME. Root mail is only to receive mails locally send to root.
# permit_mynetworks will allow delivery of mail for root originating locally.
tools/editconf.py /etc/postfix/main.cf \ tools/editconf.py /etc/postfix/main.cf \
smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,hash:/etc/postfix/block_root_external
# ### DANE # ### DANE