authorGuilhem Moulin <guilhem@fripost.org>2017-05-31 21:42:32 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-06-01 01:09:00 +0200
commit6e39bad3fbe75b88fca4c2e2aad8eb51af14b1be (patch)
tree87898c1653a36f1b23efbef55d6f876d8bc83444 /roles/MSA/tasks
parente136d3edbdb6749d4559939dc9fcbc11d166e34c (diff)
Don't let authenticated client use arbitrary sender addresses.
The following policy is now implemented: * users can use their SASL login name as sender address; * alias and/or list owners can use the address as envelope sender; * domain postmasters can use arbitrary sender addresses under their domains; * domain owners can use arbitrary sender addresses under their domains, unless the address is also an existing account name; * for known domains without owner or postmasters, other sender addresses are not allowed; and * arbitrary sender addresses under unknown domains are allowed.
Diffstat (limited to 'roles/MSA/tasks')
-rw-r--r--roles/MSA/tasks/main.yml22
1 files changed, 22 insertions, 0 deletions
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index 6eff2cf..00c205d 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -4,6 +4,28 @@
- postfix
- postfix-pcre
+- name: Copy Postfix sender login socketmap
+ copy: src=usr/local/bin/postfix-sender-login.pl
+ dest=/usr/local/bin/postfix-sender-login.pl
+ owner=root group=staff
+ mode=0755
+
+- name: Copy Postfix sender login socketmap systemd unit files
+ copy: src=etc/systemd/system/{{ item }}
+ dest=/etc/systemd/system/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ - postfix-sender-login.service
+ - postfix-sender-login.socket
+ notify:
+ - systemctl daemon-reload
+
+- meta: flush_handlers
+
+- name: Enable Postfix sender login socketmap
+ service: name=postfix-sender-login.socket state=started enabled=yes
+
- name: Configure Postfix
template: src=etc/postfix/{{ item }}.j2
dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }}
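Review bot: The `Copy Postfix sender login socketmap` task has no `notify`, and the unit-file task notifies only `systemctl daemon-reload`, so a later change to `postfix-sender-login.pl` or to the `.service`/`.socket` units is not picked up by an instance that is already running; `state=started` on the socket does not restart anything. Because this script is what enforces the sender-address policy, a stale process would keep applying the old rules after a fix is deployed, assuming the service is long-lived rather than spawned per connection (the unit files are not shown here). Consider adding a restart handler for the service and listing it under `notify:` on both copy tasks, next to `systemctl daemon-reload`; no such handler is visible in this hunk, so it would have to be added and named. The `Configure Postfix` task at the end of the hunk continues outside it.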