Browse Source

Move DNSBL to postscreen (fixes #45)

Luke Cyca 11 years ago
parent
commit
369b90925a

+ 5
- 5
roles/mailserver/files/etc_postfix_master.cf View File

@@ -8,11 +8,11 @@
8 8
 # service type  private unpriv  chroot  wakeup  maxproc command + args
9 9
 #               (yes)   (yes)   (yes)   (never) (100)
10 10
 # ==========================================================================
11
-smtp       inet  n       -       -       -       -       smtpd
12
-#smtp      inet  n       -       -       -       1       postscreen
13
-#smtpd     pass  -       -       -       -       -       smtpd
14
-#dnsblog   unix  -       -       -       -       0       dnsblog
15
-#tlsproxy  unix  -       -       -       -       0       tlsproxy
11
+#smtp      inet  n       -       -       -       -       smtpd
12
+smtp       inet  n       -       -       -       1       postscreen
13
+smtpd      pass  -       -       -       -       -       smtpd
14
+dnsblog    unix  -       -       -       -       0       dnsblog
15
+tlsproxy   unix  -       -       -       -       0       tlsproxy
16 16
 #submission inet  n       -       -       -       -       smtpd
17 17
 #  -o syslog_name=postfix/submission
18 18
 #  -o smtpd_tls_security_level=encrypt

+ 14
- 8
roles/mailserver/templates/etc_postfix_main.cf.j2 View File

@@ -63,14 +63,6 @@ smtpd_recipient_restrictions =
63 63
   reject_non_fqdn_hostname,
64 64
   reject_non_fqdn_recipient,
65 65
   reject_unknown_recipient_domain,
66
-  reject_rbl_client multihop.dsbl.org,
67
-  reject_rbl_client zen.spamhaus.org,
68
-  reject_rbl_client cbl.abuseat.org,
69
-  reject_rbl_client bl.spamcop.net,
70
-  reject_rbl_client dnsbl.sorbs.net,
71
-  reject_rbl_client all.spamrats.com=127.0.0.36,
72
-  reject_rbl_client all.spamrats.com=127.0.0.38,
73
-  reject_rbl_client dnsbl.ahbl.org,
74 66
   check_policy_service inet:127.0.0.1:10023,
75 67
   permit
76 68
 
@@ -106,3 +98,17 @@ dspam_destination_recipient_limit = 1
106 98
 smtpd_client_restrictions =
107 99
   permit_sasl_authenticated
108 100
   check_client_access pcre:/etc/postfix/dspam_filter_access
101
+
102
+# Postscreen
103
+postscreen_access_list = permit_mynetworks
104
+postscreen_dnsbl_sites =
105
+  multihop.dsbl.org*2
106
+  sbl-xbl.spamhaus.org*2
107
+  cbl.abuseat.org*2
108
+  bl.spamcop.net*2
109
+  dnsbl.sorbs.net*1
110
+  spam.spamrats.com*2
111
+  dnsbl.ahbl.org*2
112
+postscreen_dnsbl_threshold = 3
113
+postscreen_dnsbl_action = enforce
114
+postscreen_greet_action = enforce

Loading…
Cancel
Save