author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-03 03:32:46 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-03 03:43:47 +0100 |
commit | 5d9d8aec510d894f528b21013b6d099be961faf1 (patch) | |
tree | 40cff28f2f2dc57521ec0cc77a1533c8ce2ea408 | |
parent | 31ef7a78bc78a6ce2a24bcc6a4a11574bb2d5483 (diff) |
Upgrade MX baseline to Debian Stretch.
-rw-r--r-- | group_vars/all.yml | 4 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/main.cf.j2 | 16 |
2 files changed, 11 insertions, 9 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 0406a7e..7386dad 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,9 +1,7 @@
 ---
 non_free_packages:
- civett:
- - firmware-linux-nonfree
 elefant:
- - firmware-linux-nonfree
+ - firmware-bnx2
 # Virtual (non-routable) IPv4 subnet for IPsec. It is always nullrouted
 # in the absence of xfrm lookup (i.e., when there is no matching IPsec
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 8362d57..fe51826 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -4,10 +4,12 @@
 # {{ ansible_managed }}
 # Do NOT edit this file directly!
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-readme_directory = no
-mail_owner = postfix
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+readme_directory = no
+mail_owner = postfix
+compatibility_level = 2
+smtputf8_enable = no
 delay_warning_time = 4h
 maximal_queue_lifetime = 5d
@@ -157,8 +159,10 @@ smtpd_recipient_restrictions =
 check_recipient_access ldap:$config_directory/reject-unknown-client-hostname.cf
 reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99]
 reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99]
- defer_if_reject reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[100..254]
- defer_if_reject reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[100..254]
+ # defer if "abused legit": DBL return code in the 127.0.1.100+ range
+ defer_if_reject
+ reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[100..254]
+ reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[100..254]
 smtpd_data_restrictions =
 reject_unauth_pipelining
|
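Review bot: The added `compatibility_level = 2` in the first main.cf.j2 hunk switches off Postfix's backwards-compatible defaults in one step, and nothing visible in this hunk shows that the parameters it affects are set explicitly. At level 2 the newer defaults apply to `mynetworks_style`, `relay_domains`, `append_dot_mydomain` and `smtpd_relay_restrictions`, so on an MX it is worth confirming that the rest of the template, which lies outside the hunk, pins each of them instead of relying on the old implicit value. I would also record why SMTPUTF8 is turned off, since `smtputf8_enable = no` overrides the level-2 default and neither the file nor the commit message gives the reason: a comment such as `# SMTPUTF8 disabled: <reason placeholder>` above that line would do.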
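Review bot: `defer_if_reject` in the smtpd_recipient_restrictions hunk takes no argument and applies to every later restriction in the list that would reject, not only to the two DBL lookups that follow it. The result matches the removed lines today, because the two `[100..254]` checks are the last entries before `smtpd_data_restrictions`, but any restriction appended after them later would have its permanent reject turned into a temporary deferral without any visible hint. I would extend the new comment to say so, for example `# NB: defer_if_reject affects ALL restrictions below it; keep hard rejects above this line`. The start of smtpd_recipient_restrictions is outside the hunk, so the ordering of the earlier entries could not be checked here.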