--- Begin Message ---
On 06.02.2021 13:00, [email protected] wrote:
Du könntest einen pcre-check davor einbauen und die fritzbox als OK
durchwinken.
davon rate ich ab
Ist keiner 100% saubere Lösung, aber wenn man die FB nicht anders
einstellen kann.. besser als die ganzen checks rauszutun.
f. submission macht man das in der master.cf extra z.B. so
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_delay_reject=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_helo_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
das bewirkt, dass eine Authentication alleine genügt;
in der main.cf hab ich das so
smtpd_client_restrictions_submission = permit_sasl_authenticated, reject
smtpd_client_restrictions = permit_mynetworks,
check_client_access cidr:/etc/postfix/drop.cidr,
check_client_access hash:/etc/postfix/client_access,
check_client_access cidr:/etc/postfix/client_access.cidr,
reject_unauth_pipelining,
reject_unknown_client_hostname,
reject_unknown_reverse_client_hostname,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client noptr.spamrats.com,
reject_rbl_client dyna.spamrats.com,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client dnsbl.justspam.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
permit
smtpd_helo_restrictions_submission = permit_sasl_authenticated, reject
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_helo_hostname,
reject_unknown_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_rhsbl_helo rhsbl.sorbs.net,
reject_rhsbl_helo dbl.spamhaus.org,
check_helo_mx_access cidr:/etc/postfix/drop.cidr,
check_helo_ns_access cidr:/etc/postfix/drop.cidr,
permit
smtpd_sender_restrictions_submission = permit_sasl_authenticated, reject
smtpd_sender_restrictions = permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_rhsbl_sender rhsbl.sorbs.net,
reject_rhsbl_sender dbl.spamhaus.org,
check_sender_mx_access cidr:/etc/postfix/drop.cidr,
check_sender_ns_access cidr:/etc/postfix/drop.cidr,
check_sender_access mysql:/etc/postfix/sender_access.cf,
check_sender_access hash:/etc/postfix/sender_access,
permit
smtpd_recipient_restrictions_submission = permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_policy_service unix:private/policyd-spf,
check_recipient_access hash:/etc/postfix/recipient_access,
reject
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
die jeweiligen zeilen mit _submission dienen hier nur als Kommentar;
smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---
