From 6d2d410b15774bf2d1d2e39c9471346a87e02787 Mon Sep 17 00:00:00 2001
From: Jesse Norell <jesse@kci.net>
Date: Wed, 10 Jun 2020 11:38:02 -0600
Subject: [PATCH] add server config select list for unknown (dns) rejection
---
install/lib/installer_base.lib.php | 19 +++--
install/tpl/debian_postfix.conf.master | 4 +-
install/tpl/fedora_postfix.conf.master | 4 +-
install/tpl/gentoo_postfix.conf.master | 4 +-
install/tpl/opensuse_postfix.conf.master | 4 +-
.../web/admin/form/server_config.tform.php | 23 +++--
.../web/admin/lib/lang/ar_server_config.lng | 5 ++
.../web/admin/lib/lang/bg_server_config.lng | 5 ++
.../web/admin/lib/lang/br_server_config.lng | 5 ++
.../web/admin/lib/lang/ca_server_config.lng | 5 ++
.../web/admin/lib/lang/cz_server_config.lng | 5 ++
.../web/admin/lib/lang/de_server_config.lng | 5 ++
.../web/admin/lib/lang/dk_server_config.lng | 5 ++
.../web/admin/lib/lang/el_server_config.lng | 5 ++
.../web/admin/lib/lang/en_server_config.lng | 10 +++
.../web/admin/lib/lang/es_server_config.lng | 5 ++
.../web/admin/lib/lang/fi_server_config.lng | 5 ++
.../web/admin/lib/lang/fr_server_config.lng | 5 ++
.../web/admin/lib/lang/hr_server_config.lng | 5 ++
.../web/admin/lib/lang/hu_server_config.lng | 5 ++
.../web/admin/lib/lang/id_server_config.lng | 5 ++
.../web/admin/lib/lang/it_server_config.lng | 5 ++
.../web/admin/lib/lang/ja_server_config.lng | 5 ++
.../web/admin/lib/lang/nl_server_config.lng | 5 ++
.../web/admin/lib/lang/pl_server_config.lng | 5 ++
.../web/admin/lib/lang/pt_server_config.lng | 5 ++
.../web/admin/lib/lang/ro_server_config.lng | 5 ++
.../web/admin/lib/lang/ru_server_config.lng | 5 ++
.../web/admin/lib/lang/se_server_config.lng | 5 ++
.../web/admin/lib/lang/sk_server_config.lng | 5 ++
.../web/admin/lib/lang/tr_server_config.lng | 5 ++
.../templates/server_config_mail_edit.htm | 8 ++
.../postfix_server_plugin.inc.php | 84 +++++++++++++++++--
33 files changed, 256 insertions(+), 24 deletions(-)
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index afd330c92c..4c7ee2b772 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1077,7 +1077,7 @@ class installer_base {
}
$reject_sender_login_mismatch = '';
- if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
+ if (isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
$reject_sender_login_mismatch = ',reject_sender_login_mismatch,';
}
@@ -1085,6 +1085,15 @@ class installer_base {
$stress_adaptive_placeholder = '#{stress_adaptive}';
$stress_adaptive = (isset($server_ini_array['mail']['stress_adaptive']) && ($server_ini_array['mail']['stress_adaptive'] == 'y')) ? '' : $stress_adaptive_placeholder;
+ $reject_unknown_client_hostname='';
+ if (isset($server_ini_array['mail']['reject_unknown']) && ($server_ini_array['mail']['reject_unknown'] == 'client' || $server_ini_array['mail']['reject_unknown'] == 'client_helo')) {
+ $reject_unknown_client_hostname=',reject_unknown_client_hostname';
+ }
+ $reject_unknown_helo_hostname='';
+ if ((!isset($server_ini_array['mail']['reject_unknown'])) || $server_ini_array['mail']['reject_unknown'] == 'helo' || $server_ini_array['mail']['reject_unknown'] == 'client_helo') {
+ $reject_unknown_helo_hostname=',reject_unknown_helo_hostname';
+ }
+
unset($server_ini_array);
$tmp = str_replace('.','\.',$conf['hostname']);
@@ -1098,6 +1107,8 @@ class installer_base {
'{reject_slm}' => $reject_sender_login_mismatch,
'{myhostname}' => $tmp,
$stress_adaptive_placeholder => $stress_adaptive,
+ '{reject_unknown_client_hostname}' => $reject_unknown_client_hostname,
+ '{reject_unknown_helo_hostname}' => $reject_unknown_helo_hostname,
);
$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');
@@ -1684,14 +1695,12 @@ class installer_base {
$options = explode(", ", exec("postconf -h smtpd_sender_restrictions"));
$new_options = array();
foreach ($options as $key => $value) {
- if ($value == '') {
- continue;
- }
+ if (trim($value) == '') continue;
if (preg_match('/tag_as_(originating|foreign)\.re/', $value)) {
continue;
}
if (!preg_match('/reject_(authenticated_)?sender_login_mismatch/', $value)) {
- $new_options[] = $value;
+ $new_options[] = trim($value);
}
}
if ($mail_config['reject_sender_login_mismatch'] == 'y') {
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index ce6f3b1553..5ce4671691 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -26,9 +26,9 @@ relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, reject_unknown_helo_hostname, permit
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
smtpd_sender_restrictions = {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
+smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_client_message_rate_limit = 100
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
index ec88a572ff..d3f1eef6f3 100644
--- a/install/tpl/fedora_postfix.conf.master
+++ b/install/tpl/fedora_postfix.conf.master
@@ -22,9 +22,9 @@ relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, reject_unknown_helo_hostname, permit
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
smtpd_sender_restrictions = {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
+smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_client_message_rate_limit = 100
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
index d369dbc89e..9f57085209 100644
--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
@@ -21,9 +21,9 @@ relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, reject_unknown_helo_hostname, permit
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
smtpd_sender_restrictions = {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
+smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_client_message_rate_limit = 100
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
index 2c43cd9791..c98342c201 100644
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
@@ -24,9 +24,9 @@ relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, reject_unknown_helo_hostname, permit
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
smtpd_sender_restrictions = {reject_slm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
+smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_client_message_rate_limit = 100
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 3d8d7a3f29..bc2f05840b 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -456,11 +456,13 @@ $form["tabs"]['mail'] = array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'default' => '/home/vmail/',
- 'validators' => array( 0 => array('type' => 'NOTEMPTY',
- 'errmsg' => 'homedir_path_error_empty'),
- 1 => array ( 'type' => 'REGEX',
- 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/',
- 'errmsg'=> 'homedir_path_error_regex'),
+ 'validators' => array( 0 => array ( 'type' => 'NOTEMPTY',
+ 'errmsg' => 'homedir_path_error_empty'
+ ),
+ 1 => array ( 'type' => 'REGEX',
+ 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{5,128}$/',
+ 'errmsg'=> 'homedir_path_error_regex'
+ ),
),
'value' => '',
'width' => '40',
@@ -638,6 +640,17 @@ $form["tabs"]['mail'] = array(
'default' => 'n',
'value' => array(0 => 'n', 1 => 'y')
),
+ 'reject_unknown' => array(
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'default' => 'helo',
+ 'value' => array(
+ 'helo' => 'reject_unknown_helo_txt',
+ 'client' => 'reject_unknown_client_txt',
+ 'client_helo' => 'reject_unknown_client_helo_txt',
+ 'none' => 'disabled_txt',
+ )
+ ),
'mailbox_size_limit' => array(
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
diff --git a/interface/web/admin/lib/lang/ar_server_config.lng b/interface/web/admin/lib/lang/ar_server_config.lng
index cf3e6da095..ed8e236071 100644
--- a/interface/web/admin/lib/lang/ar_server_config.lng
+++ b/interface/web/admin/lib/lang/ar_server_config.lng
@@ -40,6 +40,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost User';
$wb['relayhost_password_txt'] = 'Relayhost Password';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Mailbox Size Limit';
$wb['message_size_limit_txt'] = 'Message Size Limit';
$wb['ip_address_txt'] = 'IP Address';
diff --git a/interface/web/admin/lib/lang/bg_server_config.lng b/interface/web/admin/lib/lang/bg_server_config.lng
index 20202b8202..71e5bfd5c6 100644
--- a/interface/web/admin/lib/lang/bg_server_config.lng
+++ b/interface/web/admin/lib/lang/bg_server_config.lng
@@ -38,6 +38,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost User';
$wb['relayhost_password_txt'] = 'Relayhost Password';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Mailbox Size Limit';
$wb['message_size_limit_txt'] = 'Message Size Limit';
$wb['ip_address_txt'] = 'IP адреÑ';
diff --git a/interface/web/admin/lib/lang/br_server_config.lng b/interface/web/admin/lib/lang/br_server_config.lng
index e44a5a3485..e7b59e3cdb 100644
--- a/interface/web/admin/lib/lang/br_server_config.lng
+++ b/interface/web/admin/lib/lang/br_server_config.lng
@@ -51,6 +51,11 @@ $wb['relayhost_txt'] = 'Servidor de retransmissão';
$wb['relayhost_user_txt'] = 'Usuário de retransmissão';
$wb['relayhost_password_txt'] = 'Senha do usuário de retransmissão';
$wb['reject_sender_login_mismatch_txt'] = 'Rejeitar acesso com erro de usuário e/ou senha';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Limite do tamanho da conta de e-mail';
$wb['message_size_limit_txt'] = 'Limite do tamanho da mensagem';
$wb['ip_address_txt'] = 'Endereço IP';
diff --git a/interface/web/admin/lib/lang/ca_server_config.lng b/interface/web/admin/lib/lang/ca_server_config.lng
index 56d40c1424..effc175e85 100644
--- a/interface/web/admin/lib/lang/ca_server_config.lng
+++ b/interface/web/admin/lib/lang/ca_server_config.lng
@@ -51,6 +51,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost User';
$wb['relayhost_password_txt'] = 'Relayhost Password';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Mailbox Size Limit';
$wb['message_size_limit_txt'] = 'Message Size Limit';
$wb['ip_address_txt'] = 'IP Address';
diff --git a/interface/web/admin/lib/lang/cz_server_config.lng b/interface/web/admin/lib/lang/cz_server_config.lng
index 92826822f5..6e4f4c7faa 100644
--- a/interface/web/admin/lib/lang/cz_server_config.lng
+++ b/interface/web/admin/lib/lang/cz_server_config.lng
@@ -256,6 +256,11 @@ $wb['mailbox_virtual_uidgid_maps_error_nosingleserver'] = 'Uid cannot be mapped
$wb['mailbox_virtual_uidgid_maps_error_nodovecot'] = 'Uid-mapping can only be used with dovecot.';
$wb['mailbox_virtual_uidgid_maps_error_alreadyusers'] = 'Uid-mapping cannot be changed if there are already mail users.';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['do_not_try_rescue_mongodb_txt'] = 'Zakázat MongoDB monitorovánÃ';
$wb['v6_prefix_txt'] = 'IPv6 Prefix';
$wb['vhost_rewrite_v6_txt'] = 'Rewrite IPv6 on Mirror';
diff --git a/interface/web/admin/lib/lang/de_server_config.lng b/interface/web/admin/lib/lang/de_server_config.lng
index c49adf2396..9a236d92e1 100644
--- a/interface/web/admin/lib/lang/de_server_config.lng
+++ b/interface/web/admin/lib/lang/de_server_config.lng
@@ -40,6 +40,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost Benutzer';
$wb['relayhost_password_txt'] = 'Relayhost Passwort';
$wb['reject_sender_login_mismatch_txt'] = 'Zurückweisen von Mails, wenn Sender nicht gleich Login';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'E-Mailkonto Beschränkung';
$wb['message_size_limit_txt'] = 'E-Mailgrößen Beschränkung';
$wb['ip_address_txt'] = 'IP Adresse';
diff --git a/interface/web/admin/lib/lang/dk_server_config.lng b/interface/web/admin/lib/lang/dk_server_config.lng
index 5e5106af49..41eaa1fe75 100644
--- a/interface/web/admin/lib/lang/dk_server_config.lng
+++ b/interface/web/admin/lib/lang/dk_server_config.lng
@@ -258,6 +258,11 @@ $wb['mailbox_virtual_uidgid_maps_error_nosingleserver'] = 'Uid cannot be mapped
$wb['mailbox_virtual_uidgid_maps_error_nodovecot'] = 'Uid-mapping can only be used with dovecot.';
$wb['mailbox_virtual_uidgid_maps_error_alreadyusers'] = 'Uid-mapping cannot be changed if there are already mail users.';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['backup_time_txt'] = 'Backup time';
$wb['do_not_try_rescue_mongodb_txt'] = 'Disable MongoDB monitoring';
$wb['v6_prefix_txt'] = 'IPv6 Prefix';
diff --git a/interface/web/admin/lib/lang/el_server_config.lng b/interface/web/admin/lib/lang/el_server_config.lng
index 6f88bc0712..491aa69cb6 100644
--- a/interface/web/admin/lib/lang/el_server_config.lng
+++ b/interface/web/admin/lib/lang/el_server_config.lng
@@ -40,6 +40,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'ΧÏήστης Relayhost';
$wb['relayhost_password_txt'] = 'Συνθηματικό Relayhost';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'ÎŒÏιο χώÏου θυÏίδας';
$wb['message_size_limit_txt'] = 'Μήνυμα οÏίου χώÏου';
$wb['ip_address_txt'] = 'ΔιεÏθυνση IP';
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index a5560b8515..4858ed2eb8 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -52,6 +52,16 @@ $wb["relayhost_txt"] = 'Relayhost';
$wb["relayhost_user_txt"] = 'Relayhost User';
$wb["relayhost_password_txt"] = 'Relayhost Password';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb["mailbox_size_limit_txt"] = 'Mailbox Size Limit';
$wb["message_size_limit_txt"] = 'Message Size Limit';
$wb["ip_address_txt"] = 'IP Address';
diff --git a/interface/web/admin/lib/lang/es_server_config.lng b/interface/web/admin/lib/lang/es_server_config.lng
index 373b7ae0fb..866871de9a 100644
--- a/interface/web/admin/lib/lang/es_server_config.lng
+++ b/interface/web/admin/lib/lang/es_server_config.lng
@@ -233,6 +233,11 @@ $wb['realtime_blackhole_list_txt'] = 'Lista de filtrado en tiempo real';
$wb['stress_adaptive_txt'] = 'Adapt to temporary load spikes';
$wb['tooltip_stress_adaptive_txt'] = 'Enables Postfix stress-adaptive behavior.';
$wb['reject_sender_login_mismatch_txt'] = 'Rechazar remitente e inicio de sesión diferentes';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['relayhost_password_txt'] = 'Contraseña del servidor de retransmisión';
$wb['relayhost_txt'] = 'Servidor de retransmisión';
$wb['relayhost_user_txt'] = 'Usuario del servidor de retransmisión';
diff --git a/interface/web/admin/lib/lang/fi_server_config.lng b/interface/web/admin/lib/lang/fi_server_config.lng
index 9d743dbcfd..61edf1e602 100644
--- a/interface/web/admin/lib/lang/fi_server_config.lng
+++ b/interface/web/admin/lib/lang/fi_server_config.lng
@@ -38,6 +38,11 @@ $wb['relayhost_txt'] = 'Edelleenlähetyspalvelin';
$wb['relayhost_user_txt'] = 'Edelleenlähetyspalvelimen käyttäjätunnus';
$wb['relayhost_password_txt'] = 'Edelleenlähetyspalvelimen salasana';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Postilaatikon koko';
$wb['message_size_limit_txt'] = 'Viestien enimmäiskoko';
$wb['ip_address_txt'] = 'IP-osoite';
diff --git a/interface/web/admin/lib/lang/fr_server_config.lng b/interface/web/admin/lib/lang/fr_server_config.lng
index 0a06d2344e..657a4e1b54 100644
--- a/interface/web/admin/lib/lang/fr_server_config.lng
+++ b/interface/web/admin/lib/lang/fr_server_config.lng
@@ -258,6 +258,11 @@ $wb['mailbox_virtual_uidgid_maps_error_nosingleserver'] = 'Uid cannot be mapped
$wb['mailbox_virtual_uidgid_maps_error_nodovecot'] = 'Uid-mapping can only be used with dovecot.';
$wb['mailbox_virtual_uidgid_maps_error_alreadyusers'] = 'Uid-mapping cannot be changed if there are already mail users.';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['do_not_try_rescue_mongodb_txt'] = 'Disable MongoDB monitoring';
$wb['v6_prefix_txt'] = 'IPv6 Prefix';
$wb['vhost_rewrite_v6_txt'] = 'Rewrite IPv6 on Mirror';
diff --git a/interface/web/admin/lib/lang/hr_server_config.lng b/interface/web/admin/lib/lang/hr_server_config.lng
index 161ea5efb6..c7be0b3df0 100644
--- a/interface/web/admin/lib/lang/hr_server_config.lng
+++ b/interface/web/admin/lib/lang/hr_server_config.lng
@@ -39,6 +39,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost korisnik';
$wb['relayhost_password_txt'] = 'Relayhost Å¡ifra';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Dozvoljena veliÄina mailboxa';
$wb['message_size_limit_txt'] = 'Dozvoljena veliÄina emaila';
$wb['ip_address_txt'] = 'IP adresa';
diff --git a/interface/web/admin/lib/lang/hu_server_config.lng b/interface/web/admin/lib/lang/hu_server_config.lng
index b3e44761c5..979eacb0e8 100644
--- a/interface/web/admin/lib/lang/hu_server_config.lng
+++ b/interface/web/admin/lib/lang/hu_server_config.lng
@@ -38,6 +38,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost User';
$wb['relayhost_password_txt'] = 'Relayhost Password';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Mailbox Size Limit';
$wb['message_size_limit_txt'] = 'Message Size Limit';
$wb['ip_address_txt'] = 'IP Address';
diff --git a/interface/web/admin/lib/lang/id_server_config.lng b/interface/web/admin/lib/lang/id_server_config.lng
index e6a09d9c06..7179486469 100644
--- a/interface/web/admin/lib/lang/id_server_config.lng
+++ b/interface/web/admin/lib/lang/id_server_config.lng
@@ -40,6 +40,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Pengguna Relayhost';
$wb['relayhost_password_txt'] = 'Kata Sandi Relayhost';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Batasan Ukuran Mailbox';
$wb['message_size_limit_txt'] = 'Batasan Ukuran Pesan';
$wb['ip_address_txt'] = 'Alamat IP';
diff --git a/interface/web/admin/lib/lang/it_server_config.lng b/interface/web/admin/lib/lang/it_server_config.lng
index d98cee7db7..9aa049a488 100644
--- a/interface/web/admin/lib/lang/it_server_config.lng
+++ b/interface/web/admin/lib/lang/it_server_config.lng
@@ -258,6 +258,11 @@ $wb['mailbox_virtual_uidgid_maps_error_nosingleserver'] = 'Uid cannot be mapped
$wb['mailbox_virtual_uidgid_maps_error_nodovecot'] = 'Uid-mapping can only be used with dovecot.';
$wb['mailbox_virtual_uidgid_maps_error_alreadyusers'] = 'Uid-mapping cannot be changed if there are already mail users.';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['do_not_try_rescue_mongodb_txt'] = 'Disable MongoDB monitoring';
$wb['v6_prefix_txt'] = 'IPv6 Prefix';
$wb['vhost_rewrite_v6_txt'] = 'Rewrite IPv6 on Mirror';
diff --git a/interface/web/admin/lib/lang/ja_server_config.lng b/interface/web/admin/lib/lang/ja_server_config.lng
index 392a4d48ee..3de4d2ca1a 100644
--- a/interface/web/admin/lib/lang/ja_server_config.lng
+++ b/interface/web/admin/lib/lang/ja_server_config.lng
@@ -40,6 +40,11 @@ $wb['relayhost_txt'] = 'リレーホスト';
$wb['relayhost_user_txt'] = 'リレーホストユーザー';
$wb['relayhost_password_txt'] = 'リレーホストパスワード';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'メールボックスã®ã‚µã‚¤ã‚º';
$wb['message_size_limit_txt'] = 'メッセージã®æœ€å¤§ã‚µã‚¤ã‚º';
$wb['ip_address_txt'] = 'IPアドレス';
diff --git a/interface/web/admin/lib/lang/nl_server_config.lng b/interface/web/admin/lib/lang/nl_server_config.lng
index b3be619110..7e3edc4398 100644
--- a/interface/web/admin/lib/lang/nl_server_config.lng
+++ b/interface/web/admin/lib/lang/nl_server_config.lng
@@ -40,6 +40,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost gebruiker';
$wb['relayhost_password_txt'] = 'Relayhost wachtwoord';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Mailbox grootte limiet';
$wb['message_size_limit_txt'] = 'Message grootte limiet';
$wb['ip_address_txt'] = 'IP adres';
diff --git a/interface/web/admin/lib/lang/pl_server_config.lng b/interface/web/admin/lib/lang/pl_server_config.lng
index 0072eeeea5..294ed44ee7 100644
--- a/interface/web/admin/lib/lang/pl_server_config.lng
+++ b/interface/web/admin/lib/lang/pl_server_config.lng
@@ -40,6 +40,11 @@ $wb['relayhost_txt'] = 'Adres Relayhost';
$wb['relayhost_user_txt'] = 'Użytkownik Relayhost';
$wb['relayhost_password_txt'] = 'Hasło Relayhost';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Maksymalna wielkość skrzynki pocztowej';
$wb['message_size_limit_txt'] = 'Maksymalna wielkość wiadomości';
$wb['ip_address_txt'] = 'Adres IP';
diff --git a/interface/web/admin/lib/lang/pt_server_config.lng b/interface/web/admin/lib/lang/pt_server_config.lng
index 391bb582ff..8b9d78d151 100644
--- a/interface/web/admin/lib/lang/pt_server_config.lng
+++ b/interface/web/admin/lib/lang/pt_server_config.lng
@@ -39,6 +39,11 @@ $wb['relayhost_txt'] = 'Host Relay';
$wb['relayhost_user_txt'] = 'Utilizador do Host Relay';
$wb['relayhost_password_txt'] = 'Senha do Host Relay';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Tamanho máximo da Caixa Postal';
$wb['message_size_limit_txt'] = 'Tamanho máximo de mensagem';
$wb['ip_address_txt'] = 'Endereço IP';
diff --git a/interface/web/admin/lib/lang/ro_server_config.lng b/interface/web/admin/lib/lang/ro_server_config.lng
index d41248a6f7..a1ce64839f 100644
--- a/interface/web/admin/lib/lang/ro_server_config.lng
+++ b/interface/web/admin/lib/lang/ro_server_config.lng
@@ -39,6 +39,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost User';
$wb['relayhost_password_txt'] = 'Relayhost Password';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Mailbox Size Limit';
$wb['message_size_limit_txt'] = 'Message Size Limit';
$wb['ip_address_txt'] = 'IP Address';
diff --git a/interface/web/admin/lib/lang/ru_server_config.lng b/interface/web/admin/lib/lang/ru_server_config.lng
index b75c616eb5..8583ccd434 100644
--- a/interface/web/admin/lib/lang/ru_server_config.lng
+++ b/interface/web/admin/lib/lang/ru_server_config.lng
@@ -37,6 +37,11 @@ $wb['relayhost_txt'] = 'Relay-хоÑÑ‚';
$wb['relayhost_user_txt'] = 'Логин Relay-хоÑта';
$wb['relayhost_password_txt'] = 'Пароль Relay-хоÑта';
$wb['reject_sender_login_mismatch_txt'] = 'Отклонить при неÑовпадении Ð¾Ñ‚Ð¿Ñ€Ð°Ð²Ð¸Ñ‚ÐµÐ»Ñ Ð¸ логина';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Лимит объема почтового Ñщика';
$wb['message_size_limit_txt'] = 'Лимит размера ÑообщениÑ';
$wb['ip_address_txt'] = 'IP-адреÑ';
diff --git a/interface/web/admin/lib/lang/se_server_config.lng b/interface/web/admin/lib/lang/se_server_config.lng
index d5bf5b2329..ff44861126 100644
--- a/interface/web/admin/lib/lang/se_server_config.lng
+++ b/interface/web/admin/lib/lang/se_server_config.lng
@@ -38,6 +38,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost User';
$wb['relayhost_password_txt'] = 'Relayhost Password';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Mailbox Size Limit';
$wb['message_size_limit_txt'] = 'Message Size Limit';
$wb['ip_address_txt'] = 'IP Address';
diff --git a/interface/web/admin/lib/lang/sk_server_config.lng b/interface/web/admin/lib/lang/sk_server_config.lng
index 2246ad70e7..1efac9e6e6 100644
--- a/interface/web/admin/lib/lang/sk_server_config.lng
+++ b/interface/web/admin/lib/lang/sk_server_config.lng
@@ -40,6 +40,11 @@ $wb['relayhost_txt'] = 'Relayhost';
$wb['relayhost_user_txt'] = 'Relayhost uživateľ';
$wb['relayhost_password_txt'] = 'Relayhost heslo';
$wb['reject_sender_login_mismatch_txt'] = 'Reject sender and login mismatch';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'Limit ve?kosti poštovej schránky';
$wb['message_size_limit_txt'] = 'Limit ve?kosti správy';
$wb['ip_address_txt'] = 'IP Adresa';
diff --git a/interface/web/admin/lib/lang/tr_server_config.lng b/interface/web/admin/lib/lang/tr_server_config.lng
index f4c2cfcd92..25380413fa 100644
--- a/interface/web/admin/lib/lang/tr_server_config.lng
+++ b/interface/web/admin/lib/lang/tr_server_config.lng
@@ -51,6 +51,11 @@ $wb['relayhost_txt'] = 'Aktarım Sunucusu';
$wb['relayhost_user_txt'] = 'Aktarım Sunucu Kullanıcı Adı';
$wb['relayhost_password_txt'] = 'Aktarım Sunucu Parolası';
$wb['reject_sender_login_mismatch_txt'] = 'Gönderen ile Oturum Açmış Kullanıcı Eşleşmiyorsa Reddedilsin';
+$wb['reject_unknown_txt'] = 'Reject unknown hostnames';
+$wb['tooltip_reject_unknown_txt'] = 'Requires hostnames to pass DNS checks. Not checked for authenticated users.';
+$wb['reject_unknown_helo_txt'] = 'Reject unknown helo hostnames';
+$wb['reject_unknown_client_txt'] = 'Reject unknown client hostnames';
+$wb['reject_unknown_client_helo_txt'] = 'Reject unknown helo and client hostnames';
$wb['mailbox_size_limit_txt'] = 'E-posta Kutusu Boyutu Sınırı';
$wb['message_size_limit_txt'] = 'İleti Boyutu Sınırı';
$wb['ip_address_txt'] = 'IP Adresi';
diff --git a/interface/web/admin/templates/server_config_mail_edit.htm b/interface/web/admin/templates/server_config_mail_edit.htm
index b7f7c2c6bf..1e63cecca8 100644
--- a/interface/web/admin/templates/server_config_mail_edit.htm
+++ b/interface/web/admin/templates/server_config_mail_edit.htm
@@ -103,6 +103,14 @@
<label for="realtime_blackhole_list" class="col-sm-3 control-label">{tmpl_var name='realtime_blackhole_list_txt'}</label>
<div class="col-sm-6"><input type="text" name="realtime_blackhole_list" id="realtime_blackhole_list" value="{tmpl_var name='realtime_blackhole_list'}" class="form-control" /></div><div class="col-sm-3 input-sm"> {tmpl_var name='realtime_blackhole_list_note_txt'}
</div></div>
+ <div class="form-group">
+ <label class="col-sm-3 control-label">{tmpl_var name='reject_unknown_txt'}</label>
+ <div class="col-sm-9"><a href="#" data-toggle="tooltip" title="{tmpl_var name='tooltip_reject_unknown_txt'}">
+ <select name="reject_unknown" id="reject_unknown" class="form-control">
+ {tmpl_var name='reject_unknown'}
+ </select></a>
+ </div>
+ </div>
<div class="form-group">
<label class="col-sm-3 control-label">{tmpl_var name='stress_adaptive_txt'}</label>
<div class="col-sm-9">
diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php
index 0400f68827..e3e731fb1b 100644
--- a/server/plugins-available/postfix_server_plugin.inc.php
+++ b/server/plugins-available/postfix_server_plugin.inc.php
@@ -121,7 +121,7 @@ class postfix_server_plugin {
$value = trim($value);
if ($value == '') continue;
if (!preg_match('/reject_rbl_client/', $value)) {
- $new_options[] = $value;
+ $new_options[] = trim($value);
} else {
if(is_array($rbl_hosts) && !empty($rbl_hosts) && !$rbl_updated){
$rbl_updated = true;
@@ -142,12 +142,13 @@ class postfix_server_plugin {
$app->system->exec_safe("postconf -e ?", 'smtpd_recipient_restrictions = '.implode(", ", $new_options));
}
- if($mail_config['reject_sender_login_mismatch'] != $old_ini_data['mail']['reject_sender_login_mismatch']) {
+ if ($mail_config['reject_sender_login_mismatch'] != $old_ini_data['mail']['reject_sender_login_mismatch']) {
$options = preg_split("/,\s*/", exec("postconf -h smtpd_sender_restrictions"));
$new_options = array();
foreach ($options as $key => $value) {
+ if (trim($value) == '') continue;
if (!preg_match('/reject_(authenticated_)?sender_login_mismatch/', $value)) {
- $new_options[] = $value;
+ $new_options[] = trim($value);
}
}
@@ -158,10 +159,81 @@ class postfix_server_plugin {
$app->system->exec_safe("postconf -e ?", 'smtpd_sender_restrictions = '.implode(", ", $new_options));
}
- if($mail_config['stress_adaptive']) {
- if ($mail_config['stress_adaptive'] == 'y') {
+ if ($mail_config['reject_unknown']) {
+ if (($mail_config['reject_unknown'] === 'client') || ($mail_config['reject_unknown'] === 'client_helo')) {
+ $options = explode(", ", exec("postconf -h smtpd_client_restrictions"));
+ $new_options = array();
+ foreach ($options as $key => $value) {
+ if (trim($value) == '') continue;
+ if (!preg_match('/reject_unknown(_client)?_hostname/', $value)) {
+ $new_options[] = trim($value);
+ }
+ }
+
+ reset($new_options); $i = 0;
+ // insert before explicit permit, or append
+ for ($i = 0; isset($new_options[$i]); $i++) {
+ if ($new_options[$i] == 'permit') {
+ array_splice($new_options, $i, 0, array('reject_unknown_client_hostname'));
+ break;
+ }
+ }
+ if ($i == count($new_options)) {
+ $new_options[] = array('reject_unknown_client_hostname');
+ }
+
+ $app->system->exec_safe("postconf -e ?", 'smtpd_client_restrictions = '.implode(", ", $new_options));
+ } else {
+ $options = explode(", ", exec("postconf -h smtpd_client_restrictions"));
+ $new_options = array();
+ foreach ($options as $key => $value) {
+ if (trim($value) == '') continue;
+ if (!preg_match('/reject_unknown(_client)?_hostname/', $value)) {
+ $new_options[] = trim($value);
+ }
+ }
+ $app->system->exec_safe("postconf -e ?", 'smtpd_client_restrictions = '.implode(", ", $new_options));
+ }
- if(version_compare($postfix_version , '3.0', '>=')) {
+ if (($mail_config['reject_unknown'] === 'helo') || ($mail_config['reject_unknown'] === 'client_helo')) {
+ $options = explode(", ", exec("postconf -h smtpd_helo_restrictions"));
+ $new_options = array();
+ foreach ($options as $key => $value) {
+ if (trim($value) == '') continue;
+ if (!preg_match('/reject_unknown(_helo)?_hostname/', $value)) {
+ $new_options[] = trim($value);
+ }
+ }
+
+ reset($new_options); $i = 0;
+ // insert before explicit permit, or append
+ for ($i = 0; isset($new_options[$i]); $i++) {
+ if ($new_options[$i] == 'permit') {
+ array_splice($new_options, $i, 0, array('reject_unknown_helo_hostname'));
+ break;
+ }
+ }
+ if ($i == count($new_options)) {
+ $new_options[] = array('reject_unknown_helo_hostname');
+ }
+
+ $app->system->exec_safe("postconf -e ?", 'smtpd_helo_restrictions = '.implode(", ", $new_options));
+ } else {
+ $options = explode(", ", exec("postconf -h smtpd_helo_restrictions"));
+ $new_options = array();
+ foreach ($options as $key => $value) {
+ if (trim($value) == '') continue;
+ if (!preg_match('/reject_unknown(_helo)?_hostname/', $value)) {
+ $new_options[] = trim($value);
+ }
+ }
+ $app->system->exec_safe("postconf -e ?", 'smtpd_helo_restrictions = '.implode(", ", $new_options));
+ }
+ }
+
+ if ($mail_config['stress_adaptive']) {
+ if ($mail_config['stress_adaptive'] == 'y') {
+ if (version_compare($postfix_version , '3.0', '>=')) {
$app->system->exec_safe("postconf -e ?", 'in_flow_delay = ${stress?{3}:{1}}s');
$app->system->exec_safe("postconf -e ?", 'smtp_connect_timeout = ${stress?{10}:{30}}s');
$app->system->exec_safe("postconf -e ?", 'smtp_helo_timeout = ${stress?{10}:{60}}s');
--
GitLab