Outgoing SMTP proxy.

1 files changed, 4 insertions, 4 deletions

diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index e363d70..e3014aa 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -24,61 +24,61 @@ queue_directory       = /var/spool/postfix-{{ postfix_instance[inst].name }}
 data_directory        = /var/lib/postfix-{{ postfix_instance[inst].name }}
 multi_instance_group  = {{ postfix_instance[inst].group | default('') }}
 multi_instance_name   = postfix-{{ postfix_instance[inst].name }}
 multi_instance_enable = yes
 
 # This server is a Mail Submission Agent
 mynetworks_style = host
 inet_interfaces  = all
 
 # No local delivery
 mydestination        =
 local_transport      = error:5.1.1 Mailbox unavailable
 alias_maps           =
 alias_database       =
 local_recipient_maps =
 
 message_size_limit  = 67108864
 recipient_delimiter = +
 
 # Forward everything to our internal mailhub
-{% if 'MTA-out' in group_names %}
-relayhost     = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
+{% if 'out' in group_names %}
+relayhost     = [127.0.0.1]:{{ postfix_instance.out.port }}
 {% else %}
-relayhost     = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
+relayhost     = [outgoing.fripost.org]:{{ postfix_instance.out.port }}
 {% endif %}
 relay_domains =
 
 # Don't rewrite remote headers
 local_header_rewrite_clients     =
 # Avoid splitting the envelope and scanning messages multiple times
 smtp_destination_recipient_limit = 1000
 # Tolerate occasional high latency
 smtp_data_done_timeout           = 1200s
 
 # Anonymize the (authenticated) sender; pass the mail to the antivirus
 header_checks  = pcre:$config_directory/anonymize_sender.pcre
 #content_filter = amavisfeed:unix:public/amavisfeed-antivirus
 
 # Tunnel everything through IPSec
 smtp_tls_security_level = none
-{% if 'MTA-out' in group_names %}
+{% if 'out' in group_names %}
 smtp_bind_address       = 127.0.0.1
 {% else %}
 smtp_bind_address       = 172.16.0.1
 {% endif %}
 
 # TLS
 smtpd_tls_security_level        = encrypt
 smtpd_tls_cert_file             = /etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file              = /etc/ssl/private/ssl-cert-snakeoil.key
 smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
 smtpd_tls_received_header       = yes
 smtpd_tls_ask_ccert             = yes
 smtpd_tls_fingerprint_digest    = sha1
 smtpd_tls_eecdh_grade           = strong
 tls_random_source               = dev:/dev/urandom
 
 # SASL
 smtpd_sasl_auth_enable          = yes
 smtpd_sasl_authenticated_header = no
 smtpd_sasl_local_domain         =