Différences

Ci-dessous, les différences entre deux révisions de la page.

--- serveur:mail [2021/04/05 15:10] – [SPF Record pour les courriers entrants] d2air
+++ serveur:mail [2021/05/13 10:48] (Version actuelle) – [Création d’un serveur virtuel Apache2] d2air
@@ Ligne 152: / Ligne 152: @@
         SSLCertificateFile      /etc/letsencrypt/live/pma.hostname.domaine.eu/cert.pem
         SSLCertificateKeyFile   /etc/letsencrypt/live/pma.hostname.domaine.eu/privkey.pem
-        Header always add Strict-Transport-Security "max-age=63072000; preload"
+        <IfModule mod_headers.c>
-        Header always set X-Content-Type-Options "nosniff"
+                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
-        Header always set X-Frame-Options DENY
+                Header always set X-Content-Type-Options "nosniff"
-        Header always set X-XSS-Protection "1; mode=block"
+                Header always set X-Frame-Options "DENY"
+                Header always set X-XSS-Protection "1; mode=block"
+                Header set Content-Security-Policy-Report-Only "default-src 'self'"
+        </IfModule>
         #   Certificate Authority (CA):
@@ Ligne 485: / Ligne 488: @@
 smtpd_recipient_restrictions =
+	reject_rbl_client xbl.spamhaus.org,
+	reject_rbl_client pbl.spamhaus.org,
+	reject_rbl_client sbl.spamhaus.org,
+	reject_rbl_client multi.uribl.com,
+	reject_rbl_client rbl-plus.mail-abuse.org,
+	reject_rbl_client dialups.mail-abuse.org,
 	reject_invalid_hostname,
 	reject_non_fqdn_hostname,
@@ Ligne 496: / Ligne 505: @@
 	reject_unauth_destination,
 	reject_unverified_recipient,
-	check_policy_service unix:private/policy-spf,
 	permit
@@ Ligne 835: / Ligne 843: @@
 <file sh main.cf>
 smtpd_recipient_restrictions =
-        reject_invalid_hostname,
+	reject_rbl_client xbl.spamhaus.org,
-        reject_non_fqdn_hostname,
+	reject_rbl_client pbl.spamhaus.org,
-        reject_non_fqdn_sender,
+	reject_rbl_client sbl.spamhaus.org,
-        reject_non_fqdn_recipient,
+	reject_rbl_client multi.uribl.com,
-        reject_unknown_sender_domain,
+	reject_rbl_client rbl-plus.mail-abuse.org,
-        reject_unknown_recipient_domain,
+	reject_rbl_client dialups.mail-abuse.org,
-        reject_unauth_destination,
+	reject_invalid_hostname,
-        reject_unverified_recipient,
+	reject_non_fqdn_hostname,
-        permit_mynetworks,
+	reject_non_fqdn_sender,
-        permit_sasl_authenticated,
+	reject_non_fqdn_recipient,
-        permit_auth_destination,
+	reject_unknown_sender_domain,
-        check_policy_service unix:private/policy-spf,
+	reject_unknown_recipient_domain,
-        check_policy_service inet:127.0.0.1:10023,
+	permit_mynetworks,
-        permit
+	permit_sasl_authenticated,
+	permit_auth_destination,
+	reject_unauth_destination,
+	reject_unverified_recipient,
+	check_policy_service inet:127.0.0.1:10023,
+	permit
 </file>
 Puis il faut relancer Postfix en surveillant les logs :
@@ Ligne 1093: / Ligne 1106: @@
 <file sh main.cf>
 smtpd_recipient_restrictions =
-[...]
+	reject_rbl_client xbl.spamhaus.org,
-  reject_unauth_destination,
+	reject_rbl_client pbl.spamhaus.org,
-  check_policy_service unix:private/policy-spf,
+	reject_rbl_client sbl.spamhaus.org,
-  permit
+	reject_rbl_client multi.uribl.com,
+	reject_rbl_client rbl-plus.mail-abuse.org,
+	reject_rbl_client dialups.mail-abuse.org,
+	reject_invalid_hostname,
+	reject_non_fqdn_hostname,
+	reject_non_fqdn_sender,
+	reject_non_fqdn_recipient,
+	reject_unknown_sender_domain,
+	reject_unknown_recipient_domain,
+	permit_mynetworks,
+	permit_sasl_authenticated,
+	permit_auth_destination,
+	reject_unauth_destination,
+	reject_unverified_recipient,
+	check_policy_service unix:private/policy-spf,
+	check_policy_service inet:127.0.0.1:10023,
+	permit
 policy-spf_time_limit = 3600s