Outgoing SMTP: masquerade internal hostnames.

Use admin@fripost.org instead.  We were sending out (to the admin team)
system messages with non-existing or invalid envelope sender addresses,
such as <logcheck@antilop.fripost.org> or <root@mistral.fripost.org>.

2 files changed, 14 insertions, 0 deletions

diff --git a/roles/out/templates/etc/postfix/canonical.j2 b/roles/out/templates/etc/postfix/canonical.j2
new file mode 100644
index 0000000..ed8bb4d
--- /dev/null
+++ b/roles/out/templates/etc/postfix/canonical.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+# Addresses under $myhostname are typically not valid as envelope
+# recipients (eg, logcheck@, root@, etc.).  This breaks the sender
+# address verification, so we use the admin team's address in the
+# envelope.
+{% for host in groups.all | sort %}
+@{{ hostvars[host].inventory_hostname }}    admin@fripost.org
+{% endfor %}
diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
index 6d83710..c05d9a5 100644
--- a/roles/out/templates/etc/postfix/main.cf.j2
+++ b/roles/out/templates/etc/postfix/main.cf.j2
@@ -42,6 +42,10 @@ recipient_delimiter = +
 relay_domains       =
 relay_transport     = error:5.3.2 Relay Transport unavailable
 
+# Replace internal system addresses under $myhostname with a valid address
+canonical_maps    = lmdb:$config_directory/canonical
+canonical_classes = envelope_sender, envelope_recipient
+
 # All header rewriting happens upstream
 local_header_rewrite_clients =