Support reject_sender_login_mismatch and smtpd_sender_login_maps

2020-10-21 19:29:56 +02:00 · 2020-10-21 19:29:56 +02:00 · 775037b622
parent 1ef6d31abd
commit 775037b622
2 changed files with 26 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -88,6 +88,13 @@ postfix_smtpd_mx_client_restrictions:
  - reject_unknown_recipient_domain
  - reject_unlisted_recipient

+#############################################################################
+# SMTP sender restrictions
+#############################################################################
+postfix_smtpd_sender_restrictions: True
+postfix_reject_sender_login_mismatch: False
+postfix_smtpd_sender_login_maps: []
+postfix_smtpd_additional_sender_restrictions: []
 #############################################################################
 # SMTP submission server: accepts authenticated clients
 #############################################################################
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@ -616,16 +616,33 @@ broken_sasl_auth_clients = yes
 # Block clients that speak too early.
 smtpd_data_restrictions = reject_unauth_pipelining
 {% endif %}
+{% if postfix_reject_sender_login_mismatch %}
+smtpd_sender_login_maps
+{% for login_map in postfix_smtpd_sender_login_maps %}
+        {{ login_map }}
+{% endfor %}
+
+{% endif %}
+
 {% if postfix_smtpd_reject_unknown_helo_hostname %}
 # Don't talk to mail systems that don't know their own hostname. Use with care: it breaks most dialup setups
 smtpd_helo_restrictions = reject_unknown_helo_hostname
 {% endif %}
-{% if postfix_reject_unknown_sender_domain %}
-# Don't accept mail from domains that don't exist.
+{% if postfix_smtpd_sender_restrictions %}
+# Do not accept everything
 smtpd_sender_restrictions =
+{% if postfix_reject_unknown_sender_domain %}
        reject_unknown_sender_domain
        reject_non_fqdn_sender
 {% endif %}
+{% if postfix_reject_sender_login_mismatch %}
+        reject_sender_login_mismatch
+{% endif %}
+{% for rule in postfix_smtpd_additional_sender_restrictions %}
+        {{ rule }}
+{% endfor %}
+{% endif %}
+
 {% if postfix_submission_server %}
 # Relay control: local clients and
 # authenticated clients may specify any destination domain.