commit 7b46b938db9f2cb92c9ffac1687d3676a1767046 Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Wed Jul 31 10:52:31 2019 +0200 Update postfix main.cf roles/base/files/postfix/main.cf/main.cf.mailman | 4 ++++ roles/base/files/postfix/main.cf/main.cf.smtp-mm | 4 ++++ 2 files changed, 8 insertions(+), 0 deletions(-) --- diff --git a/roles/base/files/postfix/main.cf/main.cf.mailman b/roles/base/files/postfix/main.cf/main.cf.mailman index f36ec30..29e635f 100644 --- a/roles/base/files/postfix/main.cf/main.cf.mailman +++ b/roles/base/files/postfix/main.cf/main.cf.mailman @@ -702,3 +702,7 @@ owner_request_special = no transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp relay_domains = hash:/var/lib/mailman3/data/postfix_domains + +smtpd_sender_restrictions = + check_sender_access regexp:/etc/postfix/sender_access + permit diff --git a/roles/base/files/postfix/main.cf/main.cf.smtp-mm b/roles/base/files/postfix/main.cf/main.cf.smtp-mm index e5db424..1f40a9f 100644 --- a/roles/base/files/postfix/main.cf/main.cf.smtp-mm +++ b/roles/base/files/postfix/main.cf/main.cf.smtp-mm @@ -701,6 +701,7 @@ message_size_limit = 20971520 smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_auth_only = yes +smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4 @@ -732,3 +733,6 @@ smtp_tls_loglevel = 1 smtp_tls_cert_file = /etc/pki/tls/certs/localhost.crt smtp_tls_key_file = /etc/pki/tls/private/localhost.key smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt + +# Deny email from some domains +smtpd_sender_restrictions = regexp:/etc/postfix/sender_access