basic restrictions

author: Gregor Kleen <gkleen@yggdrasil.li> 2016-04-28 18:00:10 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2016-04-28 18:00:10 +0200
commit: 6811e39f4b065bf2271b57d0dd5aa58db14e9b7e (patch)
tree: 9864aeb21767550b8825ab5b4555ba9d3e7d0ee1
parent: e52549d862beb629970b12b349b959f11955d93f (diff)
download: nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.tar
nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.tar.gz
nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.tar.bz2
nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.tar.xz
nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/ymir.nix b/ymir.nix
index 8b2e1b12..80f1f11f 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -335,6 +335,28 @@ in rec {
      smtpd_sasl_security_options = noanonymous, noplaintext
      smtpd_sasl_tls_security_options = noanonymous
      smtpd_tls_auth_only = yes
+      smtpd_delay_reject = yes
+      smtpd_helo_required = yes
+      smtpd_helo_restrictions =
+        permit_mynetworks,
+        reject_non_fqdn_helo_hostname,
+        reject_invalid_helo_hostname,
+        permit
+      smtpd_sender_restrictions =
+        permit_mynetworks,
+        reject_non_fqdn_sender,
+        reject_unknown_sender_domain,
+        permit
+      smtpd_recipient_restrictions =
+        reject_unauth_pipelining,
+        reject_non_fqdn_recipient,
+        reject_unknown_recipient_domain,
+        permit_mynetworks,
+        reject_unauth_destination,
+        permit
    '';
    extraMasterConf = ''
      uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient)
author	Gregor Kleen <gkleen@yggdrasil.li>	2016-04-28 18:00:10 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2016-04-28 18:00:10 +0200
commit	6811e39f4b065bf2271b57d0dd5aa58db14e9b7e (patch)
tree	9864aeb21767550b8825ab5b4555ba9d3e7d0ee1
parent	e52549d862beb629970b12b349b959f11955d93f (diff)
download	nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.tar nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.tar.gz nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.tar.bz2 nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.tar.xz nixos-6811e39f4b065bf2271b57d0dd5aa58db14e9b7e.zip

diff --git a/ymir.nix b/ymir.nix index 8b2e1b12..80f1f11f 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -335,6 +335,28 @@ in rec {
335	smtpd_sasl_security_options = noanonymous, noplaintext	335	smtpd_sasl_security_options = noanonymous, noplaintext
336	smtpd_sasl_tls_security_options = noanonymous	336	smtpd_sasl_tls_security_options = noanonymous
337	smtpd_tls_auth_only = yes	337	smtpd_tls_auth_only = yes
		338
		339	smtpd_delay_reject = yes
		340	smtpd_helo_required = yes
		341	smtpd_helo_restrictions =
		342	permit_mynetworks,
		343	reject_non_fqdn_helo_hostname,
		344	reject_invalid_helo_hostname,
		345	permit
		346
		347	smtpd_sender_restrictions =
		348	permit_mynetworks,
		349	reject_non_fqdn_sender,
		350	reject_unknown_sender_domain,
		351	permit
		352
		353	smtpd_recipient_restrictions =
		354	reject_unauth_pipelining,
		355	reject_non_fqdn_recipient,
		356	reject_unknown_recipient_domain,
		357	permit_mynetworks,
		358	reject_unauth_destination,
		359	permit
338	'';	360	'';
339	extraMasterConf = ''	361	extraMasterConf = ''
340	uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient)	362	uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient)