Fixed Handling of Spamhaus Blocklists using smtpd restrictions

DerLinkman 2023-08-25 16:43:45 +02:00
parent 30e241babe
commit 95af021781
2 changed files with 30 additions and 9 deletions


@ -431,11 +431,22 @@ if [ ! -z "$DNSBL_CONFIG" ]; then
echo -e "\e[32mDetected SPAMHAUS_DQS_KEY variable from mailcow.conf...\e[0m" echo -e "\e[32mDetected SPAMHAUS_DQS_KEY variable from mailcow.conf...\e[0m"
echo -e "\e[33mUsing DQS Blocklists from Spamhaus!\e[0m" echo -e "\e[33mUsing DQS Blocklists from Spamhaus!\e[0m"
SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF
${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6 ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[2..255]
${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[10;11]*8
${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.3*4
${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.2*3
postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply.map postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply.map
smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
permit_sasl_authenticated,
permit_mynetworks,
check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
reject_invalid_helo_hostname,
reject_unauth_destination,
reject_rhsbl_sender ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_helo ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_reverse_client ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_sender ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rhsbl_helo ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rhsbl_reverse_client ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rbl_client ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[2..255]
EOF EOF
cat <<EOF > /opt/postfix/conf/dnsbl_reply.map cat <<EOF > /opt/postfix/conf/dnsbl_reply.map
@ -461,10 +472,20 @@ EOF
echo -e "\e[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\e[0m" echo -e "\e[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\e[0m"
echo -e "\e[33mUsing the open Spamhaus blocklists.\e[0m" echo -e "\e[33mUsing the open Spamhaus blocklists.\e[0m"
SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF
zen.spamhaus.org=127.0.0.[10;11]*8 zen.spamhaus.org=127.0.0.[2..11]
zen.spamhaus.org=127.0.0.[4..7]*6
zen.spamhaus.org=127.0.0.3*4 smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
zen.spamhaus.org=127.0.0.2*3 permit_sasl_authenticated,
permit_mynetworks,
check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
reject_invalid_helo_hostname,
reject_unauth_destination,
reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],
reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],
reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99],
warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255]
EOF EOF
) )
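Review bot: The smtpd restrictions added in the DQS branch embed `${SPAMHAUS_DQS_KEY}` in the `reject_rhsbl_*` and `reject_rbl_client` list domains, but nothing in the hunk sets `rbl_reply_maps`, so Postfix's default reject text, which names the queried list domain, would disclose the key to every rejected sender. `postscreen_dnsbl_reply_map` covers only postscreen replies and maps to replacement domains rather than reply templates, so that map cannot be reused as is. I would add `rbl_reply_maps = texthash:<reply-map-path>` to this heredoc, with one template per DQS zone that names the list without the key, unless main.cf already sets it outside the lines shown. Separately, the same restriction list is now pasted into both branches and will drift when one copy is edited. The enclosing `if` block starts and ends outside both hunks.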


@ -297,7 +297,7 @@ services:
- dovecot - dovecot
postfix-mailcow: postfix-mailcow:
image: mailcow/postfix:1.71 image: mailcow/postfix:1.72
depends_on: depends_on:
- mysql-mailcow - mysql-mailcow
volumes: volumes: