diff options
| author | Luke Smith <luke@lukesmith.xyz> | 2023-01-26 17:06:40 -0500 |
|---|---|---|
| committer | Luke Smith <luke@lukesmith.xyz> | 2023-01-26 17:06:40 -0500 |
| commit | b2ab4f4d68a0f6116a0048a1a0ea6715420160a3 (patch) | |
| tree | e04cda68ec0fc6ec41e35858491f584391bc4995 /emailwiz.sh | |
| parent | ab9e25ffbffa1f685223ee819a7fc9ce3f04677a (diff) | |
| parent | 2dc5e0575430d42998a8b9221d36381d2d775e3a (diff) | |
Merge branch 'master' of github.com:LukeSmithxyz/emailwiz
Diffstat (limited to 'emailwiz.sh')
| -rw-r--r--[-rwxr-xr-x] | emailwiz.sh | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/emailwiz.sh b/emailwiz.sh index 69fe185..64a64e4 100755..100644 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -94,6 +94,7 @@ postconf -e 'smtpd_sasl_type = dovecot' postconf -e 'smtpd_sasl_path = private/auth' # Sender, relay and recipient restrictions +postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre" postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain' postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination' @@ -107,6 +108,10 @@ postconf -e 'home_mailbox = Mail/Inbox/' # Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses postconf -e "header_checks = regexp:/etc/postfix/header_checks" +# Create a login map file that ensures that if a sender wants to send a mail from a user at our local +# domain, they must be authenticated as that user +echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" > /etc/postfix/login_maps.pcre + # strips "Received From:" in sent emails echo "/^Received:.*/ IGNORE /^X-Originating-IP:/ IGNORE" >> /etc/postfix/header_checks |