diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-01-14 06:51:03 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:35 +0200 |
| commit | 650db94b3b8dc6665c3883ac29f78adfe23e03f0 (patch) | |
| tree | 8fc334329381952850dda59f16a558d0159305d9 /roles/MSA/templates/etc/postfix | |
| parent | f8a46672a40b29f04a1a6417042759e2c25d4671 (diff) | |
Don't use IPSec to relay messages to localhost.
Diffstat (limited to 'roles/MSA/templates/etc/postfix')
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 685287a..337acd1 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -47,41 +47,45 @@ relayhost = [127.0.0.1]:{{ MTA_out.port }} {% else %} relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }} {% endif %} relay_domains = # Don't rewrite remote headers local_header_rewrite_clients = # Pass the client information along to the content filter smtp_send_xforward_command = yes # Avoid splitting the envelope and scanning messages multiple times smtp_destination_recipient_limit = 1000 # Tolerate occasional high latency smtp_data_done_timeout = 1200s # Anonymize the (authenticated) sender; pass the mail to the antivirus header_checks = pcre:$config_directory/anonymize_sender.pcre #content_filter = amavisfeed:unix:public/amavisfeed-antivirus # Tunnel everything through IPSec smtp_tls_security_level = none +{% if 'MTA-out' in group_names %} +smtp_bind_address = 127.0.0.1 +{% else %} smtp_bind_address = 172.16.0.1 +{% endif %} # TLS smtpd_tls_security_level = encrypt smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_CApath = /etc/ssl/certs/ smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache smtpd_tls_received_header = yes smtpd_tls_ask_ccert = yes smtpd_tls_fingerprint_digest = sha1 smtpd_tls_eecdh_grade = strong tls_random_source = dev:/dev/urandom # SASL smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous |