I am hosting mail for friends and family on Postfix 2.3.3. I would like
to turn on reject_sender_login_mismatch, but only for certain domains.
Could I trouble you for a short howto?
Requisite postconf -n (redactions noted as XXXXXXXXXX)
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks
body_checks_size_limit = 256000
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
connection_cache_status_update_time = 6000s
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
delay_warning_time = 10m
disable_vrfy_command = yes
fallback_transport = cyrus
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = XXXXXXXXXX, localhost
local_destination_concurrency_limit = 5
local_destination_recipient_limit = 300
mail_owner = postfix
mailbox_size_limit = 81920000
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 81920000
mydestination = mysql:/etc/postfix/mysql-mydestination.cf
mydomain = XXXXXXXXX (like srv.example.com)
myhostname = XXXXXXXXXXXXXX (like srv.example.com)
mynetworks = XXXXXXXXX
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_data_restrictions = reject_unauth_pipelining,
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_sender_access
hash:/etc/postfix/bad_reject_senders, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, check_helo_access
hash:/etc/postfix/helo_access, check_helo_access
regexp:/etc/postfix/helo_access_regexp, reject_non_fqdn_hostname,
reject_invalid_hostname, check_recipient_access
hash:/etc/postfix/bad_reject_recipients, check_sender_access
hash:/etc/postfix/dnsbl-whitelist, reject_rbl_client
zen.spamhaus.org, reject_rbl_client cbl.abuseat.org,
reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net,
check_policy_service inet:127.0.0.1:2501, check_recipient_access
regexp:/etc/postfix/amavisd_access, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-owner.cf
smtpd_sender_restrictions = check_sender_access
hash:/etc/postfix/bad_reject_senders, check_sender_access
hash:/etc/postfix/whitelist_sender_domain, check_recipient_access
hash:/etc/postfix/whitelist_recipient_domain,
reject_unknown_sender_domain, permit
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
--
Sincerely,
John Thomas
|
