Assume a DNS entry for each role.

E.g., ldap.fripost.org, ntp.fripost.org, etc.  (Ideally the DNS zone
would be provisioned by ansible, too.)  It's a bit unclear how to index
the subdomains (mx{1,2,3}, etc), though.

1 files changed, 2 insertions, 2 deletions

diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index 83f97b4..169ad40 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -18,43 +18,43 @@ append_dot_mydomain = no
 mynetworks_style = host
 inet_interfaces  = loopback-only
 inet_protocols   = ipv4
 
 # No local delivery
 mydestination        =
 local_transport      = error:5.1.1 Mailbox unavailable
 alias_maps           =
 local_recipient_maps =
 
 # All aliases are virtual
 default_database_type = cdb
 virtual_alias_maps    = cdb:/etc/aliases
 alias_database        = $virtual_alias_maps
 
 # Transform local FQDN addresses to addresses routable on the internet
 smtp_generic_maps = pcre:$config_directory/generic.pcre
 
 # Forward everything to our internal mailhub
 {% if 'MTA-out' in group_names %}
-relayhost     = [127.0.0.1]:{{ MTA_out.port }}
+relayhost     = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
 {% else %}
-relayhost     = [{{ MTA_out.host }}]:{{ MTA_out.port }}
+relayhost     = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
 {% endif %}
 relay_domains =
 
 # Tunnel everything through IPSec
 smtp_tls_security_level  = none
 {% if 'MTA-out' in group_names %}
 smtp_bind_address        = 127.0.0.1
 {% else %}
 smtp_bind_address        = 172.16.0.1
 {% endif %}
 smtpd_tls_security_level = none
 
 # Turn off all TCP/IP listener ports except that dedicated to
 # samhain(8), which sadly cannot use pickup through the sendmail binary.
 master_service_disable = !127.0.0.1:16132.inet inet
 
 {% set multi_instance = False %}
 {%- for g in postfix_instance.keys() | sort -%}
   {%- if g in group_names -%}
     {%- if not multi_instance -%}