I have a server with postfix running my personal and work emails,
alongside my company's website, which is written in Python/Django. The
website has some "send an email through the webapp" functionality. Back
when my work email was hosted as a Google App this was fine; I just used
Google's SMTP settings.

Now email runs through the local postfix, and I shut off several of the
functions until I had time to learn to set it up properly. I'm hoping
someone here can give some pointers so that I can avoid turning the site
into a potential source of spam.

Right now the only functionality I've left running is automatic error
emails, as that can only be sent to my address. Currently, the default
SMTP settings in the Django site look like this:

SERVER_EMAIL = "post...@mycompany.com"
EMAIL_HOST = "localhost"
EMAIL_HOST_USER = None
EMAIL_HOST_PASSWORD = None
DEFAULT_FROM_EMAIL = "My Company <post...@mycompany.com>"

I don't think the above is an especially good idea, but given the
circumstances it didn't seem too risky. Here's what I hope will be all
the relevant postfix settings:

myorigin = /etc/mailname
append_dot_mydomain = no
smtpd_use_tls = yes
<omitting smtpd_tls options>
myhostname = mail.ericabrahamsen.net
mydomain = mail.ericabrahamsen.net
mydestination = localhost.ericabrahamsen.net, mail.ericabrahamsen.net,
     localhost, mail.mycompany.com, localhost.mycompany.com, <servername>
mynetworks = 127.0.0.0/8
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
      reject_invalid_helo_hostname, reject_unknown_helo_hostname
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
      reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
      permit_sasl_authenticated, reject_unknown_client_hostname,
      reject_unknown_sender_domain, reject_unknown_recipient_domain,
      reject_invalid_hostname, reject_non_fqdn_sender
      check_policy_service inet:localhost:12340
smtpd_sender_restrictions = permit_mynetworks,
      check_sender_access hash:/etc/postfix/access,
      reject_unknown_sender_domain, reject_sender_login_mismatch
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_sender_login_maps = $virtual_mailbox_maps
smtpd_banner = $myhostname ESMTP

I need to add two new email functions (each of which can have its own
SMTP settings):

1. Allow visitors to send an email to one of us in the company (local
   delivery only, email should appear to come from i...@mycompany.com)

2. Allow visitors to email themselves selected files from my server
   (delivery to anywhere, email should appear to come from
   p...@mycompany.com)

Obviously the second one is the one I'm worried about -- it could
potentially turn into an open relay. Django does quite a bit of work to
prevent firehose emailing, but still.

I've got spamassassin running, and it does okay. But I don't know how to
make 100% sure that mail sent through both of the above functions gets
spam filtered. Should I be routing mail through special transports?

I'm also worried that the fact I've got "permit_mynetworks" in all the
smtpd_*_restrictions lists means that postscreen etc. isn't going to run,
and a whole lot of spam is going to get through.

Anyway, apologies for the very long message. Any advice would be very
welcome!

Thanks,
Eric
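
Added example, not part of the original post: one way the web application could gate the second function (visitors mailing themselves files, delivery to anywhere) before a message is handed to postfix. It accepts one plain recipient address, an allow-list of files, a fixed subject and body, and applies a per-recipient and per-IP rate limit. The sender address, file names and limits are assumptions, and the code uses only the Python standard library rather than Django's mail API.

```python
import re
import time
from collections import defaultdict, deque
from email.message import EmailMessage

# Assumptions (not from the original post): sender, file names, limits.
FROM_ADDR = "files@example.com"                    # placeholder sender
ALLOWED_FILES = {"brochure.pdf", "pricelist.pdf"}  # constructed allow-list
MAX_PER_WINDOW = 3                                 # sends per key per window
WINDOW_SECONDS = 3600

# Exactly one mailbox: no whitespace, CR/LF, commas or display names.
_ADDR_RE = re.compile(
    r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
_sent = defaultdict(deque)  # key -> timestamps of accepted sends


class Rejected(ValueError):
    """The request must not result in an outgoing message."""


def _check_rate(key, now):
    q = _sent[key]
    while q and now - q[0] >= WINDOW_SECONDS:  # drop expired entries
        q.popleft()
    if len(q) >= MAX_PER_WINDOW:
        raise Rejected(f"rate limit exceeded for {key}")


def build_self_mail(recipient, filenames, client_ip, now=None):
    """Validate a 'mail me these files' request; return an EmailMessage."""
    now = time.time() if now is None else now
    if not _ADDR_RE.fullmatch(recipient):
        raise Rejected("recipient must be a single plain address")
    chosen = sorted(set(filenames))
    if not chosen or not set(chosen) <= ALLOWED_FILES:
        raise Rejected("unknown file requested")
    keys = ("rcpt:" + recipient.lower(), "ip:" + client_ip)
    for key in keys:            # check both limits before recording anything
        _check_rate(key, now)
    for key in keys:
        _sent[key].append(now)
    msg = EmailMessage()
    msg["From"] = FROM_ADDR
    msg["To"] = recipient
    msg["Subject"] = "Files you requested"  # fixed, never visitor-supplied
    msg.set_content("Requested files: " + ", ".join(chosen))  # no free text
    return msg
```

The in-memory counters are per process; a deployment with several workers would need a shared store for them.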

