From 5f9d90a29336d03baaed24e350987848767f4a10 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 7 Apr 2010 10:35:50 +0000 Subject: [PATCH] added Postfix MX-Access, fixes #119 --- lib/configfiles/etch.inc.php | 13 ++++++++++ lib/configfiles/gentoo.inc.php | 13 ++++++++++ lib/configfiles/hardy.inc.php | 13 ++++++++++ lib/configfiles/lenny.inc.php | 13 ++++++++++ lib/configfiles/suse10.inc.php | 13 ++++++++++ .../postfix_mxaccess/etc_postfix_main.cf | 25 +++++++++++++++++++ .../postfix_mxaccess/etc_postfix_mx_access | 10 ++++++++ .../postfix_mxaccess/etc_postfix_main.cf | 25 +++++++++++++++++++ .../postfix_mxaccess/etc_postfix_mx_access | 10 ++++++++ .../postfix_mxaccess/etc_postfix_main.cf | 25 +++++++++++++++++++ .../postfix_mxaccess/etc_postfix_mx_access | 10 ++++++++ .../postfix_mxaccess/etc_postfix_main.cf | 25 +++++++++++++++++++ .../postfix_mxaccess/etc_postfix_mx_access | 10 ++++++++ .../postfix_mxaccess/etc_postfix_main.cf | 25 +++++++++++++++++++ .../postfix_mxaccess/etc_postfix_mx_access | 10 ++++++++ 15 files changed, 240 insertions(+) create mode 100644 templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_main.cf create mode 100644 templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_mx_access create mode 100644 templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_main.cf create mode 100644 templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_mx_access create mode 100644 templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_main.cf create mode 100644 templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_mx_access create mode 100644 templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_main.cf create mode 100644 templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_mx_access create mode 100644 templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_main.cf create mode 100644 templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_mx_access diff --git a/lib/configfiles/etch.inc.php b/lib/configfiles/etch.inc.php index dff33daa..bcd90f3e 100644 --- a/lib/configfiles/etch.inc.php +++ b/lib/configfiles/etch.inc.php @@ -135,6 +135,19 @@ return Array( 'newaliases' ) ), + 'postfix_mxaccess' => Array( + 'label' => 'Postfix MX-Access (anti spam)', + 'files' => Array( + 'etc_postfix_mx_access' => '/etc/postfix/mx_access', + 'etc_postfix_main.cf' => '/etc/postfix/main.cf' + ), + 'commands_1' => Array( + 'postmap /etc/postfix/mx_access' + ), + 'restart' => Array( + '/etc/init.d/postfix restart' + ) + ), 'exim4' => Array( 'label' => 'Exim4', 'commands_1' => Array( diff --git a/lib/configfiles/gentoo.inc.php b/lib/configfiles/gentoo.inc.php index 469b4175..60b14d29 100644 --- a/lib/configfiles/gentoo.inc.php +++ b/lib/configfiles/gentoo.inc.php @@ -128,6 +128,19 @@ return Array( '/etc/init.d/postfix restart' ) ), + 'postfix_mxaccess' => Array( + 'label' => 'Postfix MX-Access (anti spam)', + 'files' => Array( + 'etc_postfix_mx_access' => '/etc/postfix/mx_access', + 'etc_postfix_main.cf' => '/etc/postfix/main.cf' + ), + 'commands_1' => Array( + 'postmap /etc/postfix/mx_access' + ), + 'restart' => Array( + '/etc/init.d/postfix restart' + ) + ), 'dkim' => Array( 'label' => 'DomainKey filter', 'commands_1' => Array( diff --git a/lib/configfiles/hardy.inc.php b/lib/configfiles/hardy.inc.php index ba8a3b4c..ffe25e29 100644 --- a/lib/configfiles/hardy.inc.php +++ b/lib/configfiles/hardy.inc.php @@ -135,6 +135,19 @@ return Array( 'newaliases' ) ), + 'postfix_mxaccess' => Array( + 'label' => 'Postfix MX-Access (anti spam)', + 'files' => Array( + 'etc_postfix_mx_access' => '/etc/postfix/mx_access', + 'etc_postfix_main.cf' => '/etc/postfix/main.cf' + ), + 'commands_1' => Array( + 'postmap /etc/postfix/mx_access' + ), + 'restart' => Array( + '/etc/init.d/postfix restart' + ) + ), 'exim4' => Array( 'label' => 'Exim4', 'commands_1' => Array( diff --git a/lib/configfiles/lenny.inc.php b/lib/configfiles/lenny.inc.php index 510d7593..4c8532d2 100644 --- a/lib/configfiles/lenny.inc.php +++ b/lib/configfiles/lenny.inc.php @@ -135,6 +135,19 @@ return Array( 'newaliases' ) ), + 'postfix_mxaccess' => Array( + 'label' => 'Postfix MX-Access (anti spam)', + 'files' => Array( + 'etc_postfix_mx_access' => '/etc/postfix/mx_access', + 'etc_postfix_main.cf' => '/etc/postfix/main.cf' + ), + 'commands_1' => Array( + 'postmap /etc/postfix/mx_access' + ), + 'restart' => Array( + '/etc/init.d/postfix restart' + ) + ), 'exim4' => Array( 'label' => 'Exim4', 'commands_1' => Array( diff --git a/lib/configfiles/suse10.inc.php b/lib/configfiles/suse10.inc.php index c5c04052..c7bfc2be 100644 --- a/lib/configfiles/suse10.inc.php +++ b/lib/configfiles/suse10.inc.php @@ -89,6 +89,19 @@ return Array( 'restart' => Array( '/etc/init.d/postfix restart' ) + ), + 'postfix_mxaccess' => Array( + 'label' => 'Postfix MX-Access (anti spam)', + 'files' => Array( + 'etc_postfix_mx_access' => '/etc/postfix/mx_access', + 'etc_postfix_main.cf' => '/etc/postfix/main.cf' + ), + 'commands_1' => Array( + 'postmap /etc/postfix/mx_access' + ), + 'restart' => Array( + '/etc/init.d/postfix restart' + ) ) ) ), diff --git a/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_main.cf b/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_main.cf new file mode 100644 index 00000000..82b23a03 --- /dev/null +++ b/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_main.cf @@ -0,0 +1,25 @@ +# +# ATTENTION - this is not the full postfix-main.cf file +# +# it only provides additional configuration-entries! +# + +# +# look for the follow statement +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient + +# +# and extend it with the following line +# so it looks like this +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient, + check_recipient_mx_access cidr:/etc/postfix/mx_access diff --git a/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_mx_access new file mode 100644 index 00000000..d1997f81 --- /dev/null +++ b/templates/misc/configfiles/debian_etch/postfix_mxaccess/etc_postfix_mx_access @@ -0,0 +1,10 @@ +0.0.0.0/8 REJECT Domain MX in broadcast network +10.0.0.0/8 REJECT Domain MX in RFC 1918 private network +127.0.0.0/8 REJECT Domain MX in loopback network +169.254.0.0/16 REJECT Domain MX in link local network +172.16.0.0/12 REJECT Domain MX in RFC 1918 private network +192.0.2.0/24 REJECT Domain MX in TEST-NET network +192.168.0.0/16 REJECT Domain MX in RFC 1918 private network +224.0.0.0/4 REJECT Domain MX in class D multicast network +240.0.0.0/5 REJECT Domain MX in class E reserved network +248.0.0.0/5 REJECT Domain MX in reserved network diff --git a/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_main.cf b/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_main.cf new file mode 100644 index 00000000..82b23a03 --- /dev/null +++ b/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_main.cf @@ -0,0 +1,25 @@ +# +# ATTENTION - this is not the full postfix-main.cf file +# +# it only provides additional configuration-entries! +# + +# +# look for the follow statement +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient + +# +# and extend it with the following line +# so it looks like this +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient, + check_recipient_mx_access cidr:/etc/postfix/mx_access diff --git a/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_mx_access new file mode 100644 index 00000000..d1997f81 --- /dev/null +++ b/templates/misc/configfiles/debian_lenny/postfix_mxaccess/etc_postfix_mx_access @@ -0,0 +1,10 @@ +0.0.0.0/8 REJECT Domain MX in broadcast network +10.0.0.0/8 REJECT Domain MX in RFC 1918 private network +127.0.0.0/8 REJECT Domain MX in loopback network +169.254.0.0/16 REJECT Domain MX in link local network +172.16.0.0/12 REJECT Domain MX in RFC 1918 private network +192.0.2.0/24 REJECT Domain MX in TEST-NET network +192.168.0.0/16 REJECT Domain MX in RFC 1918 private network +224.0.0.0/4 REJECT Domain MX in class D multicast network +240.0.0.0/5 REJECT Domain MX in class E reserved network +248.0.0.0/5 REJECT Domain MX in reserved network diff --git a/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_main.cf b/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_main.cf new file mode 100644 index 00000000..82b23a03 --- /dev/null +++ b/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_main.cf @@ -0,0 +1,25 @@ +# +# ATTENTION - this is not the full postfix-main.cf file +# +# it only provides additional configuration-entries! +# + +# +# look for the follow statement +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient + +# +# and extend it with the following line +# so it looks like this +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient, + check_recipient_mx_access cidr:/etc/postfix/mx_access diff --git a/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_mx_access new file mode 100644 index 00000000..d1997f81 --- /dev/null +++ b/templates/misc/configfiles/gentoo/postfix_mxaccess/etc_postfix_mx_access @@ -0,0 +1,10 @@ +0.0.0.0/8 REJECT Domain MX in broadcast network +10.0.0.0/8 REJECT Domain MX in RFC 1918 private network +127.0.0.0/8 REJECT Domain MX in loopback network +169.254.0.0/16 REJECT Domain MX in link local network +172.16.0.0/12 REJECT Domain MX in RFC 1918 private network +192.0.2.0/24 REJECT Domain MX in TEST-NET network +192.168.0.0/16 REJECT Domain MX in RFC 1918 private network +224.0.0.0/4 REJECT Domain MX in class D multicast network +240.0.0.0/5 REJECT Domain MX in class E reserved network +248.0.0.0/5 REJECT Domain MX in reserved network diff --git a/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_main.cf b/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_main.cf new file mode 100644 index 00000000..82b23a03 --- /dev/null +++ b/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_main.cf @@ -0,0 +1,25 @@ +# +# ATTENTION - this is not the full postfix-main.cf file +# +# it only provides additional configuration-entries! +# + +# +# look for the follow statement +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient + +# +# and extend it with the following line +# so it looks like this +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient, + check_recipient_mx_access cidr:/etc/postfix/mx_access diff --git a/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_mx_access new file mode 100644 index 00000000..d1997f81 --- /dev/null +++ b/templates/misc/configfiles/suse_linux_10_0/postfix_mxaccess/etc_postfix_mx_access @@ -0,0 +1,10 @@ +0.0.0.0/8 REJECT Domain MX in broadcast network +10.0.0.0/8 REJECT Domain MX in RFC 1918 private network +127.0.0.0/8 REJECT Domain MX in loopback network +169.254.0.0/16 REJECT Domain MX in link local network +172.16.0.0/12 REJECT Domain MX in RFC 1918 private network +192.0.2.0/24 REJECT Domain MX in TEST-NET network +192.168.0.0/16 REJECT Domain MX in RFC 1918 private network +224.0.0.0/4 REJECT Domain MX in class D multicast network +240.0.0.0/5 REJECT Domain MX in class E reserved network +248.0.0.0/5 REJECT Domain MX in reserved network diff --git a/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_main.cf b/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_main.cf new file mode 100644 index 00000000..82b23a03 --- /dev/null +++ b/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_main.cf @@ -0,0 +1,25 @@ +# +# ATTENTION - this is not the full postfix-main.cf file +# +# it only provides additional configuration-entries! +# + +# +# look for the follow statement +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient + +# +# and extend it with the following line +# so it looks like this +# +smtpd_recipient_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining, + reject_non_fqdn_recipient, + check_recipient_mx_access cidr:/etc/postfix/mx_access diff --git a/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_mx_access b/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_mx_access new file mode 100644 index 00000000..d1997f81 --- /dev/null +++ b/templates/misc/configfiles/ubuntu_hardy/postfix_mxaccess/etc_postfix_mx_access @@ -0,0 +1,10 @@ +0.0.0.0/8 REJECT Domain MX in broadcast network +10.0.0.0/8 REJECT Domain MX in RFC 1918 private network +127.0.0.0/8 REJECT Domain MX in loopback network +169.254.0.0/16 REJECT Domain MX in link local network +172.16.0.0/12 REJECT Domain MX in RFC 1918 private network +192.0.2.0/24 REJECT Domain MX in TEST-NET network +192.168.0.0/16 REJECT Domain MX in RFC 1918 private network +224.0.0.0/4 REJECT Domain MX in class D multicast network +240.0.0.0/5 REJECT Domain MX in class E reserved network +248.0.0.0/5 REJECT Domain MX in reserved network