diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2017-05-14 15:02:21 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2017-05-14 15:02:46 +0200 |
| commit | c55ae1e2a93b1debd8df3ef944c2ddc91055c423 (patch) | |
| tree | e6c0a7adf9b6634003eae668277051fc68a1e25c /roles/MSA | |
| parent | 40eaa53a7bcfbf2f120ebff70e06a4657efcb8a7 (diff) | |
MSA: reject null sender address.
Diffstat (limited to 'roles/MSA')
| -rw-r--r-- | roles/MSA/files/etc/postfix/check_sender_access | 1 | ||||
| -rw-r--r-- | roles/MSA/tasks/main.yml | 14 | ||||
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 1 |
3 files changed, 16 insertions, 0 deletions
diff --git a/roles/MSA/files/etc/postfix/check_sender_access b/roles/MSA/files/etc/postfix/check_sender_access new file mode 100644 index 0000000..07d2874 --- /dev/null +++ b/roles/MSA/files/etc/postfix/check_sender_access @@ -0,0 +1 @@ +<> REJECT Null sender not allowed diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml index 3068e1b..6eff2cf 100644 --- a/roles/MSA/tasks/main.yml +++ b/roles/MSA/tasks/main.yml @@ -22,6 +22,20 @@ owner=root group=root mode=0644 +- name: Copy the check_sender_access map + copy: src=etc/postfix/check_sender_access + dest=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access + owner=root group=root + mode=0644 + +- name: Compile the check_sender_access map + # no need to reload upon change, as cleanup(8) is short-running + postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=cdb + owner=root group=root + mode=0644 + notify: + - Reload Postfix + - name: Create directory /etc/postfix/ssl file: path=/etc/postfix-{{ postfix_instance[inst].name }}/ssl state=directory diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 3c040b0..cbd5264 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -96,6 +96,7 @@ smtpd_helo_restrictions = smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain + check_sender_access cdb:$config_directory/check_sender_access smtpd_relay_restrictions = reject_non_fqdn_recipient |