infra/ansible-role-postfix
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve security and standard compliance

Browse source
This commit is contained in:
Morre 2020-07-10 12:46:53 +02:00
parent 78f0541c98
commit de9afb8a5f
No known key found for this signature in database
GPG key ID: 5D9B9B1B8F424BBC
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
templates/main.cf.j2
View file

@ -89,13 +89,11 @@ virtual_mailbox_domains = {{ postfix.virtual_mailbox_domains|join(' ') }}
# TODO: This is already enabled when using dovecot as transport # TODO: This is already enabled when using dovecot as transport
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Restrictions # Restrictions
smtpd_helo_required = yes smtpd_helo_required = yes
strict_rfc821_envelopes = yes strict_rfc821_envelopes = yes
disable_vrfy_command = yes disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks, smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated, permit_sasl_authenticated,
@ -106,6 +104,7 @@ smtpd_helo_restrictions = permit_mynetworks,
# TODO: This is already enabled when using dovecot as transport # TODO: This is already enabled when using dovecot as transport
smtpd_sender_restrictions = reject_non_fqdn_sender, smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unknown_sender_domain,
reject_sender_login_mismatch,
permit_mynetworks, permit_mynetworks,
permit_sasl_authenticated permit_sasl_authenticated