summaryrefslogtreecommitdiffstats
path: root/roles/MSA/tasks/main.yml
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-05-20 15:46:27 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-21 03:40:53 +0200
commit6d1daa0424c168eae4bfa9f6772add3f77ec506f (patch)
treea45e83f4fefa0a3976c534078d26d3ff003e9935 /roles/MSA/tasks/main.yml
parent5118f8d3394579a245b355c863c69410fe92e26e (diff)
postfix-sender-login: Better hardening.
Run as a dedicated user, not ‘postfix’.
Diffstat (limited to 'roles/MSA/tasks/main.yml')
-rw-r--r--roles/MSA/tasks/main.yml16
1 files changed, 16 insertions, 0 deletions
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index c78139a..2eee925 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -6,12 +6,28 @@
- postfix-pcre
- postfix-policyd-spf-python
+- name: Install Net::LDAP and Authen::SASL
+ apt: pkg={{ packages }}
+ vars:
+ packages:
+ - libnet-ldap-perl
+ - libauthen-sasl-perl
+
- name: Copy Postfix sender login socketmap
copy: src=usr/local/bin/postfix-sender-login.pl
dest=/usr/local/bin/postfix-sender-login.pl
owner=root group=staff
mode=0755
+- name: Create '_postfix-sender-login' user
+ user: name=_postfix-sender-login system=yes
+ group=nogroup
+ createhome=no
+ home=/nonexistent
+ shell=/usr/sbin/nologin
+ password=!
+ state=present
+
- name: Copy Postfix sender login socketmap systemd unit files
copy: src=etc/systemd/system/{{ item }}
dest=/etc/systemd/system/{{ item }}