Harden anti spam on the MX:es.

author: Guilhem Moulin <guilhem@fripost.org> 2018-04-04 16:20:03 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2018-06-09 00:29:09 +0200
commit: 4a841439606768e8b8783f4a1bd32096a7bbcd9c (patch)
tree: 4f193ca90e8446daf8ff2a9a5402b4c17535bcf5 /roles/MX/templates/etc/postfix/access-list.cidr.j2
parent: 3e41d6be4551f9f5b995e892d0103112a47df86c (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/roles/MX/templates/etc/postfix/access-list.cidr.j2 b/roles/MX/templates/etc/postfix/access-list.cidr.j2
new file mode 100644
index 0000000..bd6e3d8
--- /dev/null
+++ b/roles/MX/templates/etc/postfix/access-list.cidr.j2
@@ -0,0 +1,16 @@
+########################################################################
+# Access list, see cidr_table(5)
+#
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+{% if ipsec_subnet is defined %}
+{{ ipsec_subnet }} permit
+{% endif %}
+
+{% for ip in lookup('pipe', 'dig +short outgoing.fripost.org A').splitlines() | sort -%}
+{{ ip }}/32 permit
+{% endfor %}
+{% for ip in lookup('pipe', 'dig +short outgoing.fripost.org AAAA').splitlines() | sort -%}
+{{ ip }}/128 permit
+{% endfor %}
author	Guilhem Moulin <guilhem@fripost.org>	2018-04-04 16:20:03 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2018-06-09 00:29:09 +0200
commit	4a841439606768e8b8783f4a1bd32096a7bbcd9c (patch)
tree	4f193ca90e8446daf8ff2a9a5402b4c17535bcf5 /roles/MX/templates/etc/postfix/access-list.cidr.j2
parent	3e41d6be4551f9f5b995e892d0103112a47df86c (diff)