From 9f2438be2a98cc9e286048c59a2e32f02e531f25 Mon Sep 17 00:00:00 2001
From: Jason Rothstein <fdragon@fdragon.org>
Date: Thu, 15 Sep 2022 21:08:08 -0500
Subject: [PATCH] Restrict clients to those with valid DNS and HELO

---
 templates/Fedora/35/etc/postfix/main.cf | 2 ++
 templates/Fedora/36/etc/postfix/main.cf | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/templates/Fedora/35/etc/postfix/main.cf b/templates/Fedora/35/etc/postfix/main.cf
index b3d981a..5b19283 100644
--- a/templates/Fedora/35/etc/postfix/main.cf
+++ b/templates/Fedora/35/etc/postfix/main.cf
@@ -760,4 +760,6 @@ error_notice_recipient = {{ postmaster_email }}
 smtpd_helo_required = yes
 disable_vrfy_command = yes
 message_size_limit = {{ postfix_message_size_limit }}
+smtpd_helo_restrictions = reject_unknown_helo_hostname
+smtpd_client_restrictions = reject_unknown_reverse_client_hostname reject_unauth_pipelining
 
diff --git a/templates/Fedora/36/etc/postfix/main.cf b/templates/Fedora/36/etc/postfix/main.cf
index b3d981a..5b19283 100644
--- a/templates/Fedora/36/etc/postfix/main.cf
+++ b/templates/Fedora/36/etc/postfix/main.cf
@@ -760,4 +760,6 @@ error_notice_recipient = {{ postmaster_email }}
 smtpd_helo_required = yes
 disable_vrfy_command = yes
 message_size_limit = {{ postfix_message_size_limit }}
+smtpd_helo_restrictions = reject_unknown_helo_hostname
+smtpd_client_restrictions = reject_unknown_reverse_client_hostname reject_unauth_pipelining