Где вообще какие-либо проверки?
Типа таких:
Код: Выделить всё
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/usr/local/etc/postfix/scripts/sender_ok,
check_sender_access hash:/usr/local/etc/postfix/scripts/mygoodlist,
check_recipient_access hash:/usr/local/etc/postfix/scripts/email_with_spam,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client dynablock.njabl.org,
reject_rbl_client combined.njabl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dnsbl.ahbl.org,
reject_rbl_client bl.spamcop.net,
reject_rhsbl_client block.rhs.mailpolice.com,
check_client_access hash:/usr/local/etc/postfix/scripts/sender_bad
check_client_access regexp:/usr/local/etc/postfix/scripts/client_check.pcre,
# Убиваем неродивые почтовые сервера, не имеющие обратных PTR записей.
# Внимание, убивает и нужную почту !!!
# reject_unknown_client
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/usr/local/etc/postfix/scripts/sender_ok,
check_helo_access hash:/usr/local/etc/postfix/scripts/helo_access,
check_sender_access hash:/usr/local/etc/postfix/scripts/mygoodlist,
check_recipient_access hash:/usr/local/etc/postfix/scripts/email_with_spam,
reject_non_fqdn_hostname,
reject_invalid_hostname
smtpd_sender_restrictions =
check_recipient_access hash:/usr/local/etc/postfix/scripts/email_with_spam,
check_client_access hash:/usr/local/etc/postfix/scripts/sender_ok,
check_sender_access hash:/usr/local/etc/postfix/scripts/mygoodlist,
reject_non_fqdn_sender,
permit_mynetworks,
permit_sasl_authenticated,
reject_unlisted_sender,
reject_unknown_sender_domain,
# reject_rhsbl_sender rhsbl.ahbl.org,
# reject_rhsbl_sender dsn.rfc-ignorant.org,
reject_rhsbl_sender blackhole.securitysage.com,
reject_rhsbl_sender block.rhs.mailpolice.com,
check_sender_access hash:/usr/local/etc/postfix/scripts/bad_emails
smtpd_recipient_restrictions =
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
reject_unauth_destination,
# check_recipient_access hash:/usr/local/etc/postfix/scripts/newemailusers,
check_recipient_access hash:/usr/local/etc/postfix/scripts/bad_dest_email,
check_recipient_access hash:/usr/local/etc/postfix/scripts/email_with_spam,
check_sender_access hash:/usr/local/etc/postfix/scripts/sender_ok,
check_sender_access hash:/usr/local/etc/postfix/scripts/mygoodlist,
reject_non_fqdn_recipient,
reject_unlisted_recipient,
reject_non_fqdn_hostname,
reject_invalid_hostname,
reject_multi_recipient_bounce,
check_policy_service unix:private/policy
check_policy_service inet:127.0.0.1:10023
#
# check_policy_service unix:private/policyd
smtpd_data_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
reject_multi_recipient_bounce
smtpd_etrn_restrictions =
reject
broken_sasl_auth_clients= yes
smtpd_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
# TLS
smtp_use_tls = no
smtp_tls_key_file=/usr/local/share/courier-imap/pop3d.pem
smtp_tls_cert_file=$smtp_tls_key_file
smtp_tls_CAfile=$smtp_tls_key_file
smtp_tls_note_starttls_offer = yes
#smtpd_tls_auth_only = yes
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_key_file=/usr/local/share/courier-imap/pop3d.pem
smtpd_tls_cert_file=$smtp_tls_key_file
smtpd_tls_CAfile=$smtp_tls_key_file