From 1839264f7a69c56f8d8d7e153360b72597294a38 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)" <d00p@froxlor.org>
Date: Wed, 7 Apr 2010 10:52:15 +0000
Subject: [PATCH] - don't block mails from localhost - added postfix-mxaccess
 for freebsd refs #119

---
 lib/configfiles/freebsd.inc.php               | 13 ++++++++++
 .../postfix_mxaccess/etc_postfix_mx_access    |  1 -
 .../postfix_mxaccess/etc_postfix_mx_access    |  1 -
 .../postfix_mxaccess/etc_postfix_main.cf      | 25 +++++++++++++++++++
 .../postfix_mxaccess/etc_postfix_mx_access    |  9 +++++++
 .../postfix_mxaccess/etc_postfix_mx_access    |  1 -
 .../postfix_mxaccess/etc_postfix_mx_access    |  1 -
 .../postfix_mxaccess/etc_postfix_mx_access    |  1 -
 8 files changed, 47 insertions(+), 5 deletions(-)
 create mode 100644 templates/misc/configfiles/freebsd/postfix_mxaccess/etc_postfix_main.cf
 create mode 100644 templates/misc/configfiles/freebsd/postfix_mxaccess/etc_postfix_mx_access

diff --git a/lib/configfiles/freebsd.inc.php b/lib/configfiles/freebsd.inc.php
index 630182d9..d8a2d57d 100644
--- a/lib/configfiles/freebsd.inc.php
+++ b/lib/configfiles/freebsd.inc.php
@@ -112,6 +112,19 @@ return Array(
 							'sh /usr/local/etc/rc.d/postfix restart'
 						)
 					),
+					'postfix_mxaccess' => Array(
+						'label' => 'Postfix MX-Access (anti spam)',
+						'files' => Array(
+							'etc_postfix_mx_access' => '/usr/local/etc/postfix/mx_access',
+							'etc_postfix_main.cf' => '/usr/local/etc/postfix/main.cf'
+						),
+						'commands_1' => Array(
+							'postmap /etc/postfix/mx_access'
+						),
+						'restart' => Array(
+							'/etc/init.d/postfix restart'
+						)
+					),
 					'dkim' => Array(
 						'label' => 'DomainKey filter',
 						'commands' => Array(
diff --git a/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_mx_access
index d1997f81..18a1ec5f 100644
--- a/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_mx_access
+++ b/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_mx_access
@@ -1,6 +1,5 @@
 0.0.0.0/8         REJECT Domain MX in broadcast network
 10.0.0.0/8        REJECT Domain MX in RFC 1918 private network
-127.0.0.0/8       REJECT Domain MX in loopback network
 169.254.0.0/16    REJECT Domain MX in link local network
 172.16.0.0/12     REJECT Domain MX in RFC 1918 private network
 192.0.2.0/24      REJECT Domain MX in TEST-NET network
diff --git a/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_mx_access
index d1997f81..18a1ec5f 100644
--- a/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_mx_access
+++ b/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_mx_access
@@ -1,6 +1,5 @@
 0.0.0.0/8         REJECT Domain MX in broadcast network
 10.0.0.0/8        REJECT Domain MX in RFC 1918 private network
-127.0.0.0/8       REJECT Domain MX in loopback network
 169.254.0.0/16    REJECT Domain MX in link local network
 172.16.0.0/12     REJECT Domain MX in RFC 1918 private network
 192.0.2.0/24      REJECT Domain MX in TEST-NET network
diff --git a/templates/misc/configfiles/freebsd/postfix_mxaccess/etc_postfix_main.cf b/templates/misc/configfiles/freebsd/postfix_mxaccess/etc_postfix_main.cf
new file mode 100644
index 00000000..d4c9f9de
--- /dev/null
+++ b/templates/misc/configfiles/freebsd/postfix_mxaccess/etc_postfix_main.cf
@@ -0,0 +1,25 @@
+#
+# ATTENTION - this is not the full postfix-main.cf file
+#
+# it only provides additional configuration-entries!
+#
+
+#
+# look for the follow statement
+#
+smtpd_recipient_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unauth_destination,
+	reject_unauth_pipelining,
+	reject_non_fqdn_recipient
+
+#
+# and extend it with the following line
+# so it looks like this
+#
+smtpd_recipient_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unauth_destination,
+	reject_unauth_pipelining,
+	reject_non_fqdn_recipient,
+	check_recipient_mx_access cidr:/usr/local/etc/postfix/mx_access
diff --git a/templates/misc/configfiles/freebsd/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/freebsd/postfix_mxaccess/etc_postfix_mx_access
new file mode 100644
index 00000000..18a1ec5f
--- /dev/null
+++ b/templates/misc/configfiles/freebsd/postfix_mxaccess/etc_postfix_mx_access
@@ -0,0 +1,9 @@
+0.0.0.0/8         REJECT Domain MX in broadcast network
+10.0.0.0/8        REJECT Domain MX in RFC 1918 private network
+169.254.0.0/16    REJECT Domain MX in link local network
+172.16.0.0/12     REJECT Domain MX in RFC 1918 private network
+192.0.2.0/24      REJECT Domain MX in TEST-NET network
+192.168.0.0/16    REJECT Domain MX in RFC 1918 private network
+224.0.0.0/4       REJECT Domain MX in class D multicast network
+240.0.0.0/5       REJECT Domain MX in class E reserved network
+248.0.0.0/5       REJECT Domain MX in reserved network
diff --git a/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_mx_access
index d1997f81..18a1ec5f 100644
--- a/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_mx_access
+++ b/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_mx_access
@@ -1,6 +1,5 @@
 0.0.0.0/8         REJECT Domain MX in broadcast network
 10.0.0.0/8        REJECT Domain MX in RFC 1918 private network
-127.0.0.0/8       REJECT Domain MX in loopback network
 169.254.0.0/16    REJECT Domain MX in link local network
 172.16.0.0/12     REJECT Domain MX in RFC 1918 private network
 192.0.2.0/24      REJECT Domain MX in TEST-NET network
diff --git a/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_mx_access
index d1997f81..18a1ec5f 100644
--- a/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_mx_access
+++ b/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_mx_access
@@ -1,6 +1,5 @@
 0.0.0.0/8         REJECT Domain MX in broadcast network
 10.0.0.0/8        REJECT Domain MX in RFC 1918 private network
-127.0.0.0/8       REJECT Domain MX in loopback network
 169.254.0.0/16    REJECT Domain MX in link local network
 172.16.0.0/12     REJECT Domain MX in RFC 1918 private network
 192.0.2.0/24      REJECT Domain MX in TEST-NET network
diff --git a/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_mx_access
index d1997f81..18a1ec5f 100644
--- a/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_mx_access
+++ b/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_mx_access
@@ -1,6 +1,5 @@
 0.0.0.0/8         REJECT Domain MX in broadcast network
 10.0.0.0/8        REJECT Domain MX in RFC 1918 private network
-127.0.0.0/8       REJECT Domain MX in loopback network
 169.254.0.0/16    REJECT Domain MX in link local network
 172.16.0.0/12     REJECT Domain MX in RFC 1918 private network
 192.0.2.0/24      REJECT Domain MX in TEST-NET network