From 617bca39f31644b1bd7d04704e53be2a37e39166 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Fri, 18 Nov 2022 20:42:35 +0100
Subject: [PATCH] [postfix] Harden configuration.

---
 postfix/main.cf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/postfix/main.cf b/postfix/main.cf
index ac143ec..6442803 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -33,6 +33,8 @@ alias_maps = pgsql:/etc/postfix/address_book.cf
 ## Deliver to dovecot.
 mailbox_transport = lmtp:unix:private/dovecot-lmtp
 
+# Hardening
+disable_vrfy_command = yes
 smtpd_reject_unlisted_sender = yes
 
 # HELO command
@@ -56,6 +58,9 @@ smtpd_sender_restrictions = reject_non_fqdn_sender,
 ## Authenticate RCPT TO address.
 smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination
 
+# SMTP
+smtp_defer_if_no_mx_address_found = yes
+
 # OpenDKIM
 milter_protocol = 2
 milter_default_action = accept
-- 
2.39.5