diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-01-14 06:51:03 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:35 +0200 |
| commit | 650db94b3b8dc6665c3883ac29f78adfe23e03f0 (patch) | |
| tree | 8fc334329381952850dda59f16a558d0159305d9 /roles/webmail/templates/etc | |
| parent | f8a46672a40b29f04a1a6417042759e2c25d4671 (diff) | |
Don't use IPSec to relay messages to localhost.
Diffstat (limited to 'roles/webmail/templates/etc')
| -rw-r--r-- | roles/webmail/templates/etc/postfix/main.cf.j2 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/roles/webmail/templates/etc/postfix/main.cf.j2 b/roles/webmail/templates/etc/postfix/main.cf.j2 index cb57b23..cd026d1 100644 --- a/roles/webmail/templates/etc/postfix/main.cf.j2 +++ b/roles/webmail/templates/etc/postfix/main.cf.j2 @@ -46,41 +46,45 @@ recipient_delimiter = + relayhost = [127.0.0.1]:{{ MTA_out.port }} {% else %} relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }} {% endif %} relay_domains = # Don't rewrite remote headers local_header_rewrite_clients = # Pass the client information along to the content filter smtp_send_xforward_command = yes # Avoid splitting the envelope and scanning messages multiple times smtp_destination_recipient_limit = 1000 # Tolerate occasional high latency smtp_data_done_timeout = 1200s # Pass the mail to the antivirus #content_filter = amavisfeed:unix:public/amavisfeed-antivirus # Tunnel everything through IPSec smtp_tls_security_level = none +{% if 'MTA-out' in group_names %} +smtp_bind_address = 127.0.0.1 +{% else %} smtp_bind_address = 172.16.0.1 +{% endif %} smtpd_tls_security_level = none strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes # UCE control unknown_client_reject_code = 554 smtpd_client_restrictions = permit_mynetworks reject smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname |