| author | William_S <wsta@mechakhan.com> | 2022-09-11 11:59:45 +0200 | 
|---|---|---|
| committer | William_S <wsta@mechakhan.com> | 2022-09-11 11:59:45 +0200 | 
| commit | 6bbffff113e11cf29dd6b42a98b9bb56bf071cc4 (patch) | |
| tree | 2257aba00bd8655a90581f0bb7532199951f0b7c | |
| parent | f552787e7b3210891ca6863b91af259488f1efb5 (diff) | |
add sender restrictions for our own users
| -rwxr-xr-x | emailwiz.sh | 6 | 
1 files changed, 6 insertions, 0 deletions
|
diff --git a/emailwiz.sh b/emailwiz.sh
index a85c259..273be45 100755
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -94,6 +94,8 @@ postconf -e 'smtpd_sasl_type = dovecot'
 postconf -e 'smtpd_sasl_path = private/auth'
 # Sender and recipient restrictions
+postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre"
+postconf -e "smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch"
 postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
 # NOTE: the trailing slash here, or for any directory name in the home_mailbox
@@ -106,6 +108,10 @@ postconf -e 'home_mailbox = Mail/Inbox/'
 # Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
 postconf -e "header_checks = regexp:/etc/postfix/header_checks"
+# Create a login map file that ensures that if a sender wants to send a mail from a user at our local
+# domain, they must be authenticated as that user
+echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/   \${1}" > /etc/postfix/login_maps.pcre
+
 # strips "Received From:" in sent emails
 echo "/^Received:.*/     IGNORE
 /^X-Originating-IP:/    IGNORE" >> /etc/postfix/header_checks
|
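Review bot: In the first hunk, the order of `smtpd_sender_restrictions` means the mismatch check never runs for authenticated clients. Postfix evaluates the list left to right and stops at the first decision, so `permit_sasl_authenticated` accepts any logged-in user before `reject_sender_login_mismatch` is reached. As written, the new rule only affects unauthenticated clients outside `mynetworks`, which falls short of the stated goal that a sender must be authenticated as the user they send from. Put the reject first: `postconf -e "smtpd_sender_restrictions = reject_sender_login_mismatch, permit_sasl_authenticated, permit_mynetworks"`. If unauthenticated local submission from `mynetworks` has to keep working with local-domain senders, lead with `reject_authenticated_sender_login_mismatch` instead.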
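Review bot: In the second hunk, the `sed 's/\./\\\./'` expression that builds `login_maps.pcre` has no `g` flag, so only the first dot of `$domain` is escaped. For a domain with more than one dot, the remaining dots stay regex wildcards and the pattern also matches sender addresses at other domains that differ only at those positions. The nested `sh -c "echo $domain | …"` also expands `$domain` unquoted into a second shell's command string, which is unnecessary inside `$(…)`. I would write it as `echo "/^(.*)@$(printf '%s' "$domain" | sed 's/\./\\./g')$/   \${1}" > /etc/postfix/login_maps.pcre`. It is also worth confirming that the SASL login name Dovecot reports is the bare local part that `${1}` yields. If logins are of the form `user@domain`, every lookup would mismatch.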
