authorGuilhem Moulin <guilhem@fripost.org>2016-07-10 05:13:33 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-07-10 05:14:29 +0200
commitbf960a066466d7719ada8fe7bc3dec99d237b88a (patch)
tree5a66a7bbdc5dcf30efdfc50215e86d05cf112e46 /roles/MX
parentd6ff0c078e6d70e50c888e016a8a8b9b0d8d7782 (diff)
Route all internal SMTP traffic through IPsec.
Diffstat (limited to 'roles/MX')
-rw-r--r--roles/MX/templates/etc/postfix/main.cf.j220
-rw-r--r--roles/MX/templates/etc/postfix/virtual/transport.j213
2 files changed, 3 insertions, 30 deletions
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index a5caf46..718be00 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -36,11 +36,7 @@ message_size_limit = 67108864
recipient_delimiter = +
# Forward everything to our internal outgoing proxy
-{% if 'out' in group_names %}
-relayhost = [127.0.0.1]:{{ postfix_instance.out.port }}
-{% else %}
-relayhost = [outgoing.fripost.org]:{{ postfix_instance.out.port }}
-{% endif %}
+relayhost = [{{ postfix_instance.out.addr | ipaddr }}]:{{ postfix_instance.out.port }}
relay_domains =
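Review bot: The `ipaddr` filter on the new `relayhost` line returns false when its input is not a valid IP address, so a typo or an unset `postfix_instance.out.addr` would render the next-hop as `[False]` instead of stopping the play. The two `smtp:[{{ … | ipaddr }}]` lines in transport.j2 have the same problem. Because these addresses are what keeps internal mail on the IPsec path, a bad value should fail deployment rather than produce a config that Postfix resolves some other way. Whether the variables are validated elsewhere in the role is not visible here; if not, a pre-templating check such as `- assert: { that: "postfix_instance.out.addr | ipaddr" }` (repeated for the IMAP and lists addresses) would close the gap.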
@@ -73,21 +69,7 @@ reserved-alias_destination_recipient_limit = 1
smtp_data_done_timeout = 1200s
-{% if 'out' in group_names %}
smtp_tls_security_level = none
-smtp_bind_address = 127.0.0.1
-{% else %}
-smtp_tls_security_level = encrypt
-smtp_tls_ciphers = high
-smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
-smtp_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
-smtp_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key
-smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
-smtp_tls_policy_maps = cdb:/etc/postfix/tls_policy
-smtp_tls_fingerprint_digest = sha256
-{% endif %}
-
smtpd_tls_security_level = may
smtpd_tls_ciphers = medium
smtpd_tls_protocols = !SSLv2, !SSLv3
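Review bot: With `smtp_tls_security_level = none` now unconditional and the client certificate, `smtp_tls_policy_maps` and fingerprint settings removed, the smtp client no longer encrypts or authenticates the next-hop itself, so both properties rest entirely on the IPsec layer. Nothing in this template makes delivery fail if the tunnel is down or the address becomes reachable outside it. The IPsec policy or firewall, which is outside this diff, presumably has to drop unprotected packets to those addresses, and that is worth confirming. I would record the dependency next to the setting, for example `# TLS is off on purpose: next-hops are reachable only through IPsec, which must drop unprotected traffic.`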
diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2
index 49f3696..126cb72 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport.j2
+++ b/roles/MX/templates/etc/postfix/virtual/transport.j2
@@ -17,14 +17,5 @@
reserved.fripost.org reserved-alias:
discard.fripost.org discard:
-{% if 'LDA' in group_names %}
-mda.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.IMAP.port }}
-{% else %}
-mda.fripost.org smtp:[mda.fripost.org]:{{ postfix_instance.IMAP.port }}
-{% endif %}
-
-{% if 'lists' in group_names %}
-sympa.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }}
-{% else %}
-sympa.fripost.org smtp:[lists.fripost.org]:{{ postfix_instance.lists.port }}
-{% endif %}
+mda.fripost.org smtp:[{{ postfix_instance.IMAP.addr | ipaddr }}]:{{ postfix_instance.IMAP.port }}
+sympa.fripost.org smtp:[{{ postfix_instance.lists.addr | ipaddr }}]:{{ postfix_instance.lists.port }}