author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-03 03:32:46 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-03 03:43:47 +0100 |
commit | 5d9d8aec510d894f528b21013b6d099be961faf1 (patch) | |
tree | 40cff28f2f2dc57521ec0cc77a1533c8ce2ea408 /roles | |
parent | 31ef7a78bc78a6ce2a24bcc6a4a11574bb2d5483 (diff) |
Upgrade MX baseline to Debian Stretch.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/MX/templates/etc/postfix/main.cf.j2 | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 8362d57..fe51826 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -1,30 +1,32 @@ ######################################################################## # Mail eXchange (MX) configuration # # {{ ansible_managed }} # Do NOT edit this file directly! -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) -biff = no -readme_directory = no -mail_owner = postfix +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no +readme_directory = no +mail_owner = postfix +compatibility_level = 2 +smtputf8_enable = no delay_warning_time = 4h maximal_queue_lifetime = 5d myorigin = /etc/mailname myhostname = mx{{ mxno | default('') }}.$mydomain mydomain = fripost.org append_dot_mydomain = no mynetworks_style = host queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }} data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }} multi_instance_group = {{ postfix_instance[inst].group | default('') }} multi_instance_name = postfix-{{ postfix_instance[inst].name }} multi_instance_enable = yes # No local delivery mydestination = local_transport = error:5.1.1 Mailbox unavailable 
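Review bot: The added `smtputf8_enable = no` is an explicit override with no recorded reason, and `compatibility_level = 2` next to it is also uncommented. A one-line comment above the override, such as `# SMTPUTF8 disabled: <reason>`, would keep a later maintainer from dropping it as redundant. Because `compatibility_level = 2` turns off Postfix's backwards-compatible defaults, any parameter this template relies on implicitly should be compared against `postconf -n` output on the upgraded host. The four `-`/`+` pairs before these lines look identical as rendered here, so they are presumably whitespace realignment only.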
@@ -140,27 +142,29 @@ smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain smtpd_relay_restrictions = reject_non_fqdn_recipient permit_mynetworks reject_unauth_destination reject_unlisted_recipient smtpd_recipient_restrictions = check_client_access cidr:$config_directory/access-list.cidr check_recipient_access ldap:$config_directory/reject-unknown-client-hostname.cf reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99] reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99] - defer_if_reject reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[100..254] - defer_if_reject reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[100..254] + # defer if "abused legit": DBL return code in the 127.0.1.100+ range + defer_if_reject + reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[100..254] + reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[100..254] smtpd_data_restrictions = reject_unauth_pipelining # vim: set filetype=pfmain : |
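Review bot: The bare `defer_if_reject` line now reads like a header scoped to the two DBL lookups beneath it, but in Postfix it is a flag that defers the request whenever any later restriction would reject, not only the next one. Behaviour for the two `127.0.1.[100..254]` lookups is unchanged from the old form. The risk is that a hard-reject restriction appended below them in `smtpd_recipient_restrictions` would quietly become a temporary failure. I would extend the new comment to say so, for example `# defer_if_reject applies to every restriction below it; keep hard rejects above this line`.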