Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

[Postfix] Anonymize sender IP for mail sent locally (#3811)

Browse Source 
This commit resolve #3723
This commit is contained in:
Dmitriy Alekseev 2020-10-17 10:06:38 +03:00 committed by GitHub
parent f8291d1967
commit 9ba1d4626d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
data/conf/postfix/master.cf
View File

@ -15,6 +15,7 @@ smtps inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/smtps -o syslog_name=postfix/smtps
-o smtpd_end_of_data_restrictions=$smtpd_last_auth -o smtpd_end_of_data_restrictions=$smtpd_last_auth
10465 inet n - n - - smtpd 10465 inet n - n - - smtpd
@ -23,6 +24,7 @@ smtps inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/smtps-haproxy -o syslog_name=postfix/smtps-haproxy
-o smtpd_end_of_data_restrictions=$smtpd_last_auth -o smtpd_end_of_data_restrictions=$smtpd_last_auth
@ -34,6 +36,7 @@ submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/submission -o syslog_name=postfix/submission
-o smtpd_end_of_data_restrictions=$smtpd_last_auth -o smtpd_end_of_data_restrictions=$smtpd_last_auth
10587 inet n - n - - smtpd 10587 inet n - n - - smtpd
@ -43,6 +46,7 @@ submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/submission-haproxy -o syslog_name=postfix/submission-haproxy
-o smtpd_end_of_data_restrictions=$smtpd_last_auth -o smtpd_end_of_data_restrictions=$smtpd_last_auth
@ -52,6 +56,7 @@ submission inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_tls_auth_only=no -o smtpd_tls_auth_only=no
-o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain -o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/sogo -o syslog_name=postfix/sogo
-o smtpd_end_of_data_restrictions=$smtpd_last_auth -o smtpd_end_of_data_restrictions=$smtpd_last_auth
@ -70,6 +75,7 @@ smtp_enforced_tls unix - - n - - smtp
-o smtp_tls_security_level=encrypt -o smtp_tls_security_level=encrypt
-o syslog_name=enforced-tls-smtp -o syslog_name=enforced-tls-smtp
-o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter -o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
# smtp connector used, when a transport map matched # smtp connector used, when a transport map matched
# this helps to have different sasl maps than we have with sender dependent transport maps # this helps to have different sasl maps than we have with sender dependent transport maps
smtp_via_transport_maps unix - - n - - smtp smtp_via_transport_maps unix - - n - - smtp
@ -103,6 +109,10 @@ scache unix - - n - 1 scache
maildrop unix - n n - - pipe flags=DRhu maildrop unix - n n - - pipe flags=DRhu
user=vmail argv=/usr/bin/maildrop -d ${recipient} user=vmail argv=/usr/bin/maildrop -d ${recipient}
# used to anonymize sender IP
smtp_sender_cleanup unix n - y - 0 cleanup
-o header_checks=$smtp_header_checks
# start whitelist_fwd # start whitelist_fwd
127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh 127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
127.0.0.1:10028 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/smtpd_last_login.sh 127.0.0.1:10028 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/smtpd_last_login.sh
@ -132,5 +142,4 @@ watchdog_rewrite unix - - n - - trivial-rewrit
watchdog_discard unix - - n - - discard watchdog_discard unix - - n - - discard
-o syslog_facility=local7 -o syslog_facility=local7
-o syslog_name=watchdog -o syslog_name=watchdog
# end watchdog-specific # end watchdog-specific