author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-11 21:13:19 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-12 13:46:44 +0100 |
commit | a0d439f832721ab1b4bdcf9ab844ee20d4dc1682 (patch) | |
tree | 64b56a401e9a92622fb7bf734453882ca4f9d6a4 /roles/common/templates/etc | |
parent | 7beb915bb8dddac847ca3aca85c187e314a6c0fa (diff) |
submission: Prospective SPF checking.
Cf. http://www.openspf.org/Best_Practices/Outbound .
Diffstat (limited to 'roles/common/templates/etc')
-rw-r--r-- | roles/common/templates/etc/postfix/main.cf.j2 | 2 | ||||
-rw-r--r-- | roles/common/templates/etc/postfix/master.cf.j2 | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index 279611b..b369d43 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -22,27 +22,27 @@ inet_interfaces = loopback-only # No local delivery mydestination = local_transport = error:5.1.1 Mailbox unavailable alias_maps = local_recipient_maps = # All aliases are virtual default_database_type = lmdb virtual_alias_maps = lmdb:/etc/aliases alias_database = $virtual_alias_maps # Forward everything to our internal outgoing proxy relayhost = [{{ postfix_instance.out.addr | ipaddr }}]:{{ postfix_instance.out.port }} relay_domains = smtp_tls_security_level = none smtpd_tls_security_level = none {% set instances = postfix_instance.keys() | intersect(group_names) | list %} {%- if instances | length > 0 -%}
-## Other postfix instances
+# Other postfix instances
multi_instance_wrapper = $command_directory/postmulti -p -- multi_instance_enable = yes multi_instance_directories ={% for i in instances | sort %} /etc/postfix-{{ postfix_instance[i].name }}{% endfor %} {% endif %} # vim: set filetype=pfmain :
diff --git a/roles/common/templates/etc/postfix/master.cf.j2 b/roles/common/templates/etc/postfix/master.cf.j2
index 905c82e..d9cb5d3 100644
--- a/roles/common/templates/etc/postfix/master.cf.j2
+++ b/roles/common/templates/etc/postfix/master.cf.j2
@@ -48,40 +48,44 @@ smtp unix - - y - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 {% if inst is defined and inst == 'MSA' %} smtp_verify unix - - y - - smtp -o smtp_helo_name=noreply.$mydomain -o smtp_tls_security_level=may -o smtp_tls_ciphers=medium -o smtp_tls_protocols=!SSLv2,!SSLv3 -o smtp_tls_note_starttls_offer=yes -o smtp_tls_session_cache_database=lmdb:$data_directory/smtp_tls_session_cache {% endif %} relay unix - - y - - smtp showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache
+{% if inst is defined and inst == 'MSA' %}
+policyd-spf unix - n n - 0 spawn
+ user=policyd-spf argv=/usr/bin/policyd-spf
+{% endif %}
{% if inst is defined and inst == 'MX' %} reserved-alias unix - n n - - pipe flags=Rhu user=nobody argv=/usr/local/bin/reserved-alias.pl ${sender} ${original_recipient} @fripost.org {% endif %} {% if inst is defined and inst == 'lists' %} sympa unix - n n - - pipe flags=Rhu user=sympa argv=/usr/local/bin/sympa-queue ${user} {% endif %} {% if inst is defined and inst == 'out' %} # Client part (lmtp) - amavis amavisfeed unix - - n - 5 lmtp -o lmtp_destination_recipient_limit=1000 -o lmtp_send_xforward_command=yes -o lmtp_data_done_timeout=1200s -o disable_dns_lookups=yes # Server part (smtpd) - amavis [127.0.0.1]:10025 inet n - y - - smtpd -o content_filter= |
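Review bot: The new `policyd-spf` spawn entry for the MSA instance has no comment saying what calls it, and nothing in the visible diff wires it into an smtpd restriction list. A spawn service is only consulted once the MSA instance references it with `check_policy_service unix:private/policyd-spf`; the diffstat is limited to roles/common/templates/etc, so that change may live elsewhere, but a comment above the entry would make the dependency explicit, e.g. `# Prospective SPF check on submitted mail; referenced by check_policy_service in the MSA main.cf`. The argv passes no configuration path, so whether the check is prospective (evaluating the outbound address rather than the submitting client's) is decided entirely by the policyd-spf configuration installed on the host, and it is worth confirming that file is managed by the same role. The Postfix policy-service documentation also pairs such an entry with a `policyd-spf_time_limit` setting in main.cf so the daemon is not killed by the default spawn time limit.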