summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2015-05-14 23:25:21 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:32 +0200
commitb5894c224ea973e8d80f249b4f82e9c381fbac6b (patch)
tree892dad36eeb126a1e2c74af5fa06219c96818c0d /roles
parent9606090f1c334445151808cc12b2f4dbdcedb39b (diff)
Upgrade Postfix config to Jessie (MSA & outgoing proxy).
Diffstat (limited to 'roles')
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j29
-rw-r--r--roles/common/files/etc/logcheck/ignore.d.server/postfix-local2
-rw-r--r--roles/out/templates/etc/postfix/main.cf.j29
3 files changed, 11 insertions, 9 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index b23d6bb..8ebefde 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -112,14 +112,15 @@ smtpd_sender_restrictions =
reject_non_fqdn_sender
reject_unknown_sender_domain
-smtpd_recipient_restrictions =
- # RFC requirements
- reject_non_fqdn_recipient
- reject_unknown_recipient_domain
+smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject
+smtpd_recipient_restrictions =
+ reject_non_fqdn_recipient
+ reject_unknown_recipient_domain
+
smtpd_data_restrictions =
reject_unauth_pipelining
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
index 7632e0f..d85979a 100644
--- a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
+++ b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
@@ -19,7 +19,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/n?qmgr\[[[:digit:]]+\]: [[:alnum:]]+: removed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/n?qmgr\[[[:digit:]]+\]: [[:alnum:]]+: skipped, still being delivered$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-msa/smtpd\[[[:digit:]]+\]: lost connection after (AUTH|DATA \([[:digit:]]+ bytes\)) from [._[:alnum:]-]+\[[[:digit:].]{7,15}\]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-(msa|mx)/smtpd\[[[:digit:]]+\]: lost connection after (CONNECT|STARTTLS) from [._[:alnum:]-]+\[([[:digit:].]{7,15}|unknown)\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-\w+/smtpd\[[[:digit:]]+\]: lost connection after (CONNECT|STARTTLS) from [._[:alnum:]-]+\[([[:digit:].]{7,15}|unknown)\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-msa/cleanup\[[[:digit:]]+\]: [[:xdigit:]]{10}: replace: header\s
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-msa/smtpd\[[[:digit:]]+\]: [[:xdigit:]]{10}: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+(, sasl_sender=[-_.@[:alnum:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-msa/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (PLAIN|LOGIN) authentication failed(:[ [:alnum:]]*)?$
diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
index 23a1de2..da8ed48 100644
--- a/roles/out/templates/etc/postfix/main.cf.j2
+++ b/roles/out/templates/etc/postfix/main.cf.j2
@@ -80,14 +80,15 @@ smtpd_helo_restrictions =
smtpd_sender_restrictions =
reject_non_fqdn_sender
-smtpd_recipient_restrictions =
- # RFC requirements
- reject_non_fqdn_recipient
- reject_unknown_recipient_domain
+smtpd_relay_restrictions =
permit_mynetworks
permit_tls_clientcerts
reject
+smtpd_recipient_restrictions =
+ reject_non_fqdn_recipient
+ reject_unknown_recipient_domain
+
smtpd_data_restrictions =
reject_unauth_pipelining