diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-11 21:15:24 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-12 13:46:44 +0100 |
| commit | 7beb915bb8dddac847ca3aca85c187e314a6c0fa (patch) | |
| tree | 58007bea6929c6cdfb8d7b5abf483eb33fd3b609 | |
| parent | 68d56db92b95f570a8e7236dbff3fc7fd0fcd2c3 (diff) | |
Outgoing SMTP: masquerade internal hostnames.
Use admin@fripost.org instead. We were sending out (to the admin team)
system messages with non-existing or invalid envelope sender addresses,
such as <logcheck@antilop.fripost.org> or <root@mistral.fripost.org>.
| -rw-r--r-- | roles/out/tasks/main.yml | 12 | ||||
| -rw-r--r-- | roles/out/templates/etc/postfix/canonical.j2 | 10 | ||||
| -rw-r--r-- | roles/out/templates/etc/postfix/main.cf.j2 | 4 |
3 files changed, 26 insertions, 0 deletions
diff --git a/roles/out/tasks/main.yml b/roles/out/tasks/main.yml index 96a557d..0e64443 100644 --- a/roles/out/tasks/main.yml +++ b/roles/out/tasks/main.yml @@ -12,6 +12,18 @@ notify: - Reload Postfix +- name: Copy the canonical maps + template: src=etc/postfix/canonical.j2 + dest=/etc/postfix-{{ postfix_instance[inst].name }}/canonical + owner=root group=root + mode=0644 + +- name: Compile the canonical maps + # no need to reload upon change, as cleanup(8) is short-running + postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/canonical db=lmdb + owner=root group=root + mode=0644 + - meta: flush_handlers - name: Start Postfix diff --git a/roles/out/templates/etc/postfix/canonical.j2 b/roles/out/templates/etc/postfix/canonical.j2 new file mode 100644 index 0000000..ed8bb4d --- /dev/null +++ b/roles/out/templates/etc/postfix/canonical.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} +# Do NOT edit this file directly! + +# Addresses under $myhostname are typically not valid as envelope +# recipients (eg, logcheck@, root@, etc.). This breaks the sender +# address verification, so we use the admin team's address in the +# envelope. +{% for host in groups.all | sort %} +@{{ hostvars[host].inventory_hostname }} admin@fripost.org +{% endfor %} diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2 index 6d83710..c05d9a5 100644 --- a/roles/out/templates/etc/postfix/main.cf.j2 +++ b/roles/out/templates/etc/postfix/main.cf.j2 @@ -42,6 +42,10 @@ recipient_delimiter = + relay_domains = relay_transport = error:5.3.2 Relay Transport unavailable +# Replace internal system addresses under $myhostname with a valid address +canonical_maps = lmdb:$config_directory/canonical +canonical_classes = envelope_sender, envelope_recipient + # All header rewriting happens upstream local_header_rewrite_clients = |