diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2017-05-31 21:42:32 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2017-06-01 01:09:00 +0200 |
| commit | 6e39bad3fbe75b88fca4c2e2aad8eb51af14b1be (patch) | |
| tree | 87898c1653a36f1b23efbef55d6f876d8bc83444 /roles/MSA/tasks | |
| parent | e136d3edbdb6749d4559939dc9fcbc11d166e34c (diff) | |
Don't let authenticated client use arbitrary sender addresses.
The following policy is now implemented:
* users can use their SASL login name as sender address;
* alias and/or list owners can use the address as envelope sender;
* domain postmasters can use arbitrary sender addresses under their
domains;
* domain owners can use arbitrary sender addresses under their domains,
unless it is also an existing account name;
* for known domains without owner or postmasters, other sender addresses
are not allowed; and
* arbitrary sender addresses under unknown domains are allowed.
Diffstat (limited to 'roles/MSA/tasks')
| -rw-r--r-- | roles/MSA/tasks/main.yml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml index 6eff2cf..00c205d 100644 --- a/roles/MSA/tasks/main.yml +++ b/roles/MSA/tasks/main.yml @@ -4,6 +4,28 @@ - postfix - postfix-pcre +- name: Copy Postfix sender login socketmap + copy: src=usr/local/bin/postfix-sender-login.pl + dest=/usr/local/bin/postfix-sender-login.pl + owner=root group=staff + mode=0755 + +- name: Copy Postfix sender login socketmap systemd unit files + copy: src=etc/systemd/system/{{ item }} + dest=/etc/systemd/system/{{ item }} + owner=root group=root + mode=0644 + with_items: + - postfix-sender-login.service + - postfix-sender-login.socket + notify: + - systemctl daemon-reload + +- meta: flush_handlers + +- name: Enable Postfix sender login socketmap + service: name=postfix-sender-login.socket state=started enabled=yes + - name: Configure Postfix template: src=etc/postfix/{{ item }}.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }} |