summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-09-20 16:55:58 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-09-20 16:55:58 +0200
commit43f39850ffd9e658b4d783106ea32d9f5430e633 (patch)
tree5fdac9bbd29db220a406213f622469d82b366959 /roles
parentc40a1be176ca1e2ea3e211249a0ea6601a00b5db (diff)
Postscreen: Give temporary whitelist status to primary MX addresses only.
Diffstat (limited to 'roles')
-rw-r--r--roles/MX/templates/etc/postfix/main.cf.j211
1 files changed, 9 insertions, 2 deletions
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 718be00..86c20cd 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -115,8 +115,15 @@ postscreen_dnsbl_sites =
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
-postscreen_greet_action = enforce
-postscreen_whitelist_interfaces = !88.80.11.28 ![2a00:16b0:242:13::de30] static:all
+postscreen_greet_action = enforce
+postscreen_whitelist_interfaces =
+{%- for ip in lookup('pipe', 'dig +short '+ postfix_instance.MX.backup +' A').splitlines() %}
+ !{{ ip }}
+{%- endfor %}
+{%- for ip in lookup('pipe', 'dig +short '+ postfix_instance.MX.backup +' AAAA').splitlines() %}
+ ![{{ ip }}]
+{%- endfor %}
+ static:all
smtpd_client_restrictions =
permit_mynetworks