summaryrefslogtreecommitdiffstats
path: root/roles/common/templates/etc
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-12-01 17:08:53 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:00 +0200
commit4895573883df830a82b65b8ecf96abde18370147 (patch)
tree171d5847392e60dc11b130d54626215def2de1ff /roles/common/templates/etc
parent1387b69c898cb93fd0343603f92670b40b88eb04 (diff)
Share master.cf accross all Postfix instances.
And use main.cf's 'master_service_disable' setting to deactivate each service that's useless for a given instance. (Hence solve conflict when trying to listen twice on the same port, for instance.)
Diffstat (limited to 'roles/common/templates/etc')
-rw-r--r--roles/common/templates/etc/postfix/main.cf.j220
1 files changed, 10 insertions, 10 deletions
diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index 0922b49..59bf0ba 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -11,11 +11,9 @@ mydomain = {{ ansible_domain }}
append_dot_mydomain = no
# This server is for internal use only
-mynetworks_style = host
-inet_interfaces = loopback-only
-inet_protocols = ipv4
-# Tunnel everything through IPSec
-smtp_bind_address = 172.16.0.1
+mynetworks_style = host
+inet_interfaces = loopback-only
+inet_protocols = ipv4
# No local delivery
mydestination =
@@ -33,15 +31,17 @@ smtp_generic_maps = pcre:$config_directory/generic.pcre
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:2525
+# TODO: use a UNIX socket instead
+relay_transport = lmtp:unix:private/mta-out
{% else %}
-relayhost = [outgoing.fripost.org]:2525
+relayhost = [{{ MTA_out.IPv4 }}]:{{ MTA_out.port }}
{% endif %}
+relay_domains =
-# This server is for internal use only; external connections are
-# protected by IPSec already
-smtpd_tls_security_level = none
+# Tunnel everything through IPSec
smtp_tls_security_level = none
+smtp_bind_address = 172.16.0.1
+smtpd_tls_security_level = none
# Turn off all TCP/IP listener ports except that dedicated to
# samhain(8), which sadly cannot use pickup through the sendmail binary.