diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-06-11 16:42:35 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-11 16:42:35 +0200 |
| commit | da47d557d96b0e778f89a676d26570729a25cd13 (patch) | |
| tree | c3cfbe4717f6b570d489f490c8d8edc12ccd9a58 /roles | |
| parent | 28b5b23c285511431923f22263f00ed0e5c19c1c (diff) | |
Use 'double-bounce@fripost.org' as envelope sender for verification probes.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 1 | ||||
| -rw-r--r-- | roles/out/templates/etc/postfix/main.cf.j2 | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 068a225..6e13cff 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -81,40 +81,41 @@ smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache smtpd_tls_received_header = yes smtpd_tls_ask_ccert = yes # SASL smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sasl_path = unix:private/dovecot-auth strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes +address_verify_sender = $double_bounce_sender@$mydomain unverified_recipient_defer_code = 250 unverified_recipient_reject_code = 550 smtpd_client_restrictions = permit_sasl_authenticated reject smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2 index 333e72e..3ad80b1 100644 --- a/roles/out/templates/etc/postfix/main.cf.j2 +++ b/roles/out/templates/etc/postfix/main.cf.j2 @@ -51,40 +51,41 @@ smtp_tls_security_level = may smtp_tls_note_starttls_offer = yes smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache relay_clientcerts = cdb:$config_directory/relay_clientcerts smtpd_tls_security_level = may smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5 smtpd_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem smtpd_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache smtpd_tls_received_header = yes smtpd_tls_ask_ccert = yes smtpd_tls_session_cache_timeout = 3600s smtpd_tls_fingerprint_digest = sha256 strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes +address_verify_sender = $double_bounce_sender@$mydomain unverified_recipient_defer_code = 250 unverified_recipient_reject_code = 550 smtpd_client_restrictions = permit_mynetworks permit_tls_clientcerts # We are the only ones using this proxy, but if things go wrong we # want to know why defer smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender smtpd_relay_restrictions = permit_mynetworks permit_tls_clientcerts |