[postfix] Harden configuration.

author Jakub Czajka <jakub@ekhem.eu.org>

Fri, 18 Nov 2022 19:42:35 +0000 (20:42 +0100)

committer Jakub Czajka <jakub@ekhem.eu.org>

Sun, 3 Dec 2023 17:00:57 +0000 (18:00 +0100)
author Jakub Czajka <jakub@ekhem.eu.org>
Fri, 18 Nov 2022 19:42:35 +0000 (20:42 +0100)
committer Jakub Czajka <jakub@ekhem.eu.org>
Sun, 3 Dec 2023 17:00:57 +0000 (18:00 +0100)
diff --git a/postfix/main.cf b/postfix/main.cf

index ac143ec57048365d9802f2005a38a805b01b0b51..644280319c5fcbfe0166fd786b689055260c9d57 100644 (file)
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -33,6 +33,8 @@ alias_maps = pgsql:/etc/postfix/address_book.cf
  ## Deliver to dovecot.
  mailbox_transport = lmtp:unix:private/dovecot-lmtp
  
+# Hardening
+disable_vrfy_command = yes
  smtpd_reject_unlisted_sender = yes
  
  # HELO command
@@ -56,6 +58,9 @@ smtpd_sender_restrictions = reject_non_fqdn_sender,
  ## Authenticate RCPT TO address.
  smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination
  
+# SMTP
+smtp_defer_if_no_mx_address_found = yes
+
  # OpenDKIM
  milter_protocol = 2
  milter_default_action = accept
author	Jakub Czajka <jakub@ekhem.eu.org>
	Fri, 18 Nov 2022 19:42:35 +0000 (20:42 +0100)
committer	Jakub Czajka <jakub@ekhem.eu.org>
	Sun, 3 Dec 2023 17:00:57 +0000 (18:00 +0100)