bundles/postfix: remove postscreen usage
All checks were successful
bundlewrap/pipeline/head This commit looks good

postscreen isn't able to share its cache file between
instances, which leads to the server simply accepting
mails for the port on which postscreen starts up later.
Since we can't predict which port this will be, we
simply remove postscreen alltogether.

Yes, i know i could just remove postscreen for port 2525.
This commit is contained in:
Franzi 2021-03-28 08:59:57 +02:00
parent ce39850bda
commit 35e4bbf04b
Signed by: kunsi
GPG key ID: 12E3D2136B818350
2 changed files with 4 additions and 13 deletions

View file

@ -90,11 +90,4 @@ milter_default_action = accept
mua_relay_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject mua_relay_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
mua_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender,permit_sasl_authenticated,reject mua_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender,permit_sasl_authenticated,reject
mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
postscreen_access_list = permit_mynetworks
postscreen_blacklist_action = drop
postscreen_greet_action = drop
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = ix.dnsbl.manitu.net zen.spamhaus.org
postscreen_dnsbl_action = drop
% endif % endif

View file

@ -2,13 +2,11 @@
# service type private unpriv chroot wakeup maxproc command + args # service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100) # (yes) (yes) (no) (never) (100)
# ========================================================================== # ==========================================================================
% if node.has_bundle('postfixadmin'):
smtp inet n - y - 1 postscreen
-o smtpd_sasl_auth_enable=no
2525 inet n - y - 1 postscreen
-o smtpd_sasl_auth_enable=no
% else:
smtp inet n - y - 1 smtpd smtp inet n - y - 1 smtpd
% if node.has_bundle('postfixadmin'):
-o smtpd_sasl_auth_enable=no
2525 inet n - y - 1 smtpd
-o smtpd_sasl_auth_enable=no
% endif % endif
smtpd pass - - y - - smtpd smtpd pass - - y - - smtpd
dnsblog unix - - y - 0 dnsblog dnsblog unix - - y - 0 dnsblog