author | Guilhem Moulin <guilhem@fripost.org> | 2016-09-20 16:55:58 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2016-09-20 16:55:58 +0200 |
commit | 43f39850ffd9e658b4d783106ea32d9f5430e633 (patch) | |
tree | 5fdac9bbd29db220a406213f622469d82b366959 /roles | |
parent | c40a1be176ca1e2ea3e211249a0ea6601a00b5db (diff) |
Postscreen: Give temporary whitelist status to primary MX addresses only.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/MX/templates/etc/postfix/main.cf.j2 | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 718be00..86c20cd 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -115,8 +115,15 @@ postscreen_dnsbl_sites =
 list.dnswl.org=127.[0..255].[0..255].1*-3
 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
-postscreen_greet_action = enforce
-postscreen_whitelist_interfaces = !88.80.11.28 ![2a00:16b0:242:13::de30] static:all
+postscreen_greet_action = enforce
+postscreen_whitelist_interfaces =
+{%- for ip in lookup('pipe', 'dig +short '+ postfix_instance.MX.backup +' A').splitlines() %}
+ !{{ ip }}
+{%- endfor %}
+{%- for ip in lookup('pipe', 'dig +short '+ postfix_instance.MX.backup +' AAAA').splitlines() %}
+ ![{{ ip }}]
+{%- endfor %}
+ static:all
 smtpd_client_restrictions =
 permit_mynetworks |
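Review bot: The two `lookup('pipe', 'dig +short …')` loops write whatever dig prints straight into `postscreen_whitelist_interfaces`, with no check that each line is an address or that any line came back at all. If a lookup returns nothing, the setting renders as plain `static:all` and the backup MX address grants temporary whitelist status again, which is the behaviour this commit sets out to remove; a CNAME target, which `dig +short` can print ahead of the addresses, would be emitted as a `!name.` entry. I would filter each result, e.g. `.splitlines() | ipv4` in the first loop and `.splitlines() | ipv6` in the second, and have the role fail when both lists come back empty. The hostname is also concatenated into a shell command line, so `postfix_instance.MX.backup | quote` is the safer form even if the value only ever comes from inventory. The answers come from whatever resolver the control machine uses at template time, so the rendered exclusions presumably go stale if the backup MX is renumbered before the next run.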