diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2013-12-15 23:54:53 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:28 +0200 |
| commit | de0914bf8105fa8c281a326e6e3e4e3f211bb0f3 (patch) | |
| tree | 6f6ae82ecbb46d6e032944ee1efb765c2649fed1 /roles | |
| parent | e4c74a8f95ea5a77e4d65b9b0952ff48a0564161 (diff) | |
wibble
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 3 | ||||
| -rw-r--r-- | roles/common/tasks/logging.yml | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index b182f9e..42b9aca 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -99,20 +99,23 @@ unknown_client_reject_code = 554 smtpd_client_restrictions = permit_sasl_authenticated reject smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain smtpd_recipient_restrictions = # RFC requirements reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated reject_unauth_destination + +smtpd_data_restrictions = + reject_unauth_pipelining diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml index 312c31e..06f06b0 100644 --- a/roles/common/tasks/logging.yml +++ b/roles/common/tasks/logging.yml @@ -14,24 +14,26 @@ - name: Configure logcheck copy: src=etc/logcheck/{{ item }} dest=/etc/logcheck/{{ item }} owner=root group=logcheck mode=0640 with_items: - logcheck.conf - ignore.d.server/common.local - name: Minimal logging policy (1) lineinfile: dest=/etc/logrotate.d/rsyslog regexp="^/var/log/mail.(log|info)$" state=absent - name: Minimal logging policy (2) copy: src=etc/logrotate.d/fripost-mail dest=/etc/logrotate.d/fripost-mail owner=root group=root mode=0644 + tags: + - logrotate # TODO: We also have specialized per-role logcheck rulesets, per-role # logrotate configuration (/etc/logrotate.d), and per-role rsyslog # configuration (/etc/rsyslog.d). |