smtpd_recipient_restrictions and smtpd_client_restrictions are now customizable.

2020-08-11 17:59:44 +02:00 · 2020-08-11 17:59:44 +02:00 · 2c2f874e97
parent db95704162
commit 2c2f874e97
2 changed files with 23 additions and 13 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -68,9 +68,26 @@ postfix_milter_action: tempfail
 # SMTP server that not accept authenticated clients. 
 #############################################################################
 postfix_smtpd_server: False
+postfix_smtpd_server_restrictions:
+  - permit_mynetworks
+  - reject_unknown_recipient_domain
+  - reject_non_fqdn_recipient
+  - reject_unauth_destination
+  - reject_unauth_pipelining
+  - reject_unlisted_recipient
+
 # SMTP server that routes emails coming from outside
 #############################################################################
 postfix_mx_server: False
+postfix_smtpd_mx_client_restrictions:
+  - reject_unknown_sender_domain
+  - reject_non_fqdn_sender
+  - reject_non_fqdn_recipient
+  - reject_invalid_hostname
+  - reject_unauth_destination
+  - reject_unknown_recipient_domain
+  - reject_unlisted_recipient
+
 #############################################################################
 # SMTP submission server: accepts authenticated clients
 #############################################################################
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@ -582,12 +582,9 @@ smtpd_milters =

 {% if postfix_smtpd_server %}
 smtpd_recipient_restrictions =
-        permit_mynetworks
-        reject_unknown_recipient_domain
-        reject_non_fqdn_recipient
-        reject_unauth_destination
-        reject_unauth_pipelining
-        reject_unlisted_recipient
+{% for recipient_rule in postfix_smtpd_server_restrictions %}
+        {{ recipient_rule }}
+{% endfor %}
 {% if postfix_rbl_enabled %}
        reject_rbl_client {{ postfix_rbl_list }}
 {% endif %}
@ -599,13 +596,9 @@ smtpd_client_restrictions =
        permit_sasl_authenticated
 {% endif %}
 {% if postfix_mx_server %}
-        reject_unknown_sender_domain
-        reject_non_fqdn_sender
-        reject_non_fqdn_recipient
-        reject_invalid_hostname
-        reject_unauth_destination
-        reject_unknown_recipient_domain
-        reject_unlisted_recipient
+{% for client_rule in postfix_smtpd_mx_client_restrictions %}
+        {{ client_rule }}
+{% endfor %}
 {% if postfix_rbl_enabled %}
        reject_rbl_client {{ postfix_rbl_list }}
 {% endif %}