external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-20 02:52:11 +00:00
Code Issues Releases Wiki Activity

Implement sender and recipient checks

Browse Source
This commit is contained in:
cmharper 2019-04-15 09:58:04 +01:00
parent 25fec63a03
commit afcc04dea7
3 changed files with 72 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
conf/reject.recipients Normal file
View File

@ -0,0 +1,35 @@
# #### WARNING - ONLY EDIT THIS FILE IF YOU KNOW WHAT YOU ARE DOING #### #
# #### YOU HAVE BEEN WARNED! #### #
# this file contains a list of regular expressions that could match wanted
# or unwanted email RECIPIENTS
# after editing this file remember to use the command: "service postfix reload"
#
# Useful commands:
# postconf -n (list current config)
# postmap -q "test@example.com" regexp:/etc/postfix/sender_checks (test what would happen with test@example.com)
# Example regular expressions
# this will reject the exact email address 123@example.com:
# /^123\@example\.com$/ REJECT
#
# this will reject any email addresses beginning with 123@:
# /^123\@/ REJECT
#
# this will reject email addresses ending with example.com:
# /(\.|\@)example\.com$/ REJECT
# #### WARNING - ONLY EDIT THIS FILE IF YOU KNOW WHAT YOU ARE DOING #### #
# #### YOU HAVE BEEN WARNED TWICE NOW AND I WON'T WARN #### #
# #### YOU AGAIN! YOU ARE ON YOUR OWN NOW. #### #
# Let email to the following destinations bypass all the remaining
# "reject" and "check" tests. We always want to let email for these
# recipients in. These should not be altered.
/^postmaster\@/ OK
/^hostmaster\@/ OK
/^abuse\@/ OK
/^admin\@/ OK
/^administrator\@/ OK

25
conf/reject.senders Normal file
View File

@ -0,0 +1,25 @@
# #### WARNING - ONLY EDIT THIS FILE IF YOU KNOW WHAT YOU ARE DOING #### #
# #### YOU HAVE BEEN WARNED! #### #
# this file contains a list of regular expressions that could match wanted
# or unwanted email SENDERS
# after editing this file remember to use the command: "service postfix reload"
#
# Useful commands:
# postconf -n (list current config)
# postmap -q "test@example.com" regexp:/etc/postfix/sender_checks (test what would happen with test@example.com)
# Example regular expressions
# this will reject the exact email address 123@example.com:
# /^123\@example\.com$/ REJECT
#
# this will reject any email addresses beginning with 123@:
# /^123\@/ REJECT
#
# this will reject email addresses ending with example.com:
# /(\.|\@)example\.com$/ REJECT
# #### WARNING - ONLY EDIT THIS FILE IF YOU KNOW WHAT YOU ARE DOING #### #
# #### YOU HAVE BEEN WARNED TWICE NOW AND I WON'T WARN #### #
# #### YOU AGAIN! YOU ARE ON YOUR OWN NOW. #### #

14
setup/mail-postfix.sh
View File

@ -102,7 +102,7 @@ tools/editconf.py /etc/postfix/master.cf -s -w \
# Install the `outgoing_mail_header_filters` file required by the new 'authclean' service. # Install the `outgoing_mail_header_filters` file required by the new 'authclean' service.
cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
# Modify the `outgoing_mail_header_filters` file to use the local machine name and ip # Modify the `outgoing_mail_header_filters` file to use the local machine name and ip
# on the first received header line. This may help reduce the spam score of email by # on the first received header line. This may help reduce the spam score of email by
# removing the 127.0.0.1 reference. # removing the 127.0.0.1 reference.
sed -i "s/PRIMARY_HOSTNAME/$PRIMARY_HOSTNAME/" /etc/postfix/outgoing_mail_header_filters sed -i "s/PRIMARY_HOSTNAME/$PRIMARY_HOSTNAME/" /etc/postfix/outgoing_mail_header_filters
@ -178,6 +178,15 @@ tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025
# See https://github.com/mail-in-a-box/mailinabox/issues/1523. # See https://github.com/mail-in-a-box/mailinabox/issues/1523.
tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1 tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
# ### RECIPIENT AND SENDER BLOCKING
# implement the rejection of email sent by certain senders or received by
# certain email addresses
if [ ! -f /etc/postfix/sender_checks ]; then
cp conf/reject.senders /etc/postfix/sender_checks
fi
if [ ! -f /etc/postfix/recipient_checks ]; then
cp conf/reject.recipients /etc/postfix/recipient_checks
fi
# Who can send mail to us? Some basic filters. # Who can send mail to us? Some basic filters.
# #
@ -198,7 +207,8 @@ tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1
# "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
tools/editconf.py /etc/postfix/main.cf \ tools/editconf.py /etc/postfix/main.cf \
smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \ smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient,"check_policy_service inet:127.0.0.1:10023" smtpd_recipient_restrictions="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023, check_recipient_access regexp:/etc/postfix/recipient_checks, check_sender_access regexp:/etc/postfix/sender_checks"
# Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
# Postgrey listens on the same interface (and not IPv6, for instance). # Postgrey listens on the same interface (and not IPv6, for instance).