Postfix lists/MDA instances: only include the MX:es' IPs in $mynetworks.

1 files changed, 3 insertions, 1 deletions

diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index faf17de..a879d28 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -2,41 +2,43 @@
 # Mail Delivery Agent (MDA) configuration
 #
 # {{ ansible_managed }}
 # Do NOT edit this file directly!
 
 smtpd_banner     = $myhostname ESMTP $mail_name (Debian/GNU)
 biff             = no
 readme_directory = no
 mail_owner       = postfix
 
 delay_warning_time     = 4h
 maximal_queue_lifetime = 5d
 
 myorigin            = /etc/mailname
 myhostname          = mda{{ imapno | default('') }}.$mydomain
 mydomain            = fripost.org
 append_dot_mydomain = no
 
 mynetworks = 127.0.0.0/8, [::1]/128
 {%- if groups.all | length > 1 -%}
-           , {{ ipsec_subnet }}
+{%- for mx in groups.MX | sort -%}
+           , {{ ipsec[ hostvars[mx].inventory_hostname_short ] | ipaddr }}
+{%- endfor %}
 {% endif %}
 
 queue_directory       = /var/spool/postfix-{{ postfix_instance[inst].name }}
 data_directory        = /var/lib/postfix-{{ postfix_instance[inst].name }}
 multi_instance_group  = {{ postfix_instance[inst].group | default('') }}
 multi_instance_name   = postfix-{{ postfix_instance[inst].name }}
 multi_instance_enable = yes
 
 
 # No local delivery
 mydestination        =
 local_transport      = error:5.1.1 Mailbox unavailable
 alias_maps           =
 alias_database       =
 local_recipient_maps =
 
 message_size_limit  = 0
 recipient_delimiter = +
 
 # No relay: this server is inbound-only