2 files changed, 2 insertions, 0 deletions

diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index 85ef821..54be606 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -88,40 +88,41 @@ smtpd_tls_session_cache_database=
 smtpd_tls_received_header       = yes
 smtpd_tls_ask_ccert             = yes
 
 # SASL
 smtpd_sasl_auth_enable          = yes
 smtpd_sasl_authenticated_header = no
 smtpd_sasl_local_domain         =
 smtpd_sasl_exceptions_networks  = $mynetworks
 smtpd_sasl_security_options     = noanonymous, noplaintext
 smtpd_sasl_tls_security_options = noanonymous
 broken_sasl_auth_clients        = yes
 smtpd_sasl_type                 = dovecot
 smtpd_sasl_path                 = unix:private/dovecot-auth
 
 
 strict_rfc821_envelopes = yes
 smtpd_delay_reject      = yes
 disable_vrfy_command    = yes
 
 address_verify_sender            = $double_bounce_sender@$mydomain
+address_verify_sender_ttl        = 24h
 unverified_recipient_defer_code  = 250
 unverified_recipient_reject_code = 550
 
 smtpd_client_restrictions =
     permit_sasl_authenticated
     reject
 
 smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     reject_invalid_helo_hostname
 
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
     reject_unknown_sender_domain
 
 smtpd_relay_restrictions =
     reject_non_fqdn_recipient
     reject_unknown_recipient_domain
     reject_unverified_recipient
     permit_mynetworks
diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
index 1e1fe74..ddd46d5 100644
--- a/roles/out/templates/etc/postfix/main.cf.j2
+++ b/roles/out/templates/etc/postfix/main.cf.j2
@@ -56,40 +56,41 @@ smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
 relay_clientcerts               = cdb:$config_directory/relay_clientcerts
 smtpd_tls_security_level        = may
 smtpd_tls_ciphers               = high
 smtpd_tls_protocols             = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_exclude_ciphers       = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
 smtpd_tls_cert_file             = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
 smtpd_tls_key_file              = /etc/postfix/ssl/{{ ansible_fqdn }}.key
 smtpd_tls_dh1024_param_file     = /etc/ssl/dhparams.pem
 smtpd_tls_session_cache_database=
 smtpd_tls_received_header       = yes
 smtpd_tls_ask_ccert             = yes
 smtpd_tls_session_cache_timeout = 3600s
 smtpd_tls_fingerprint_digest    = sha256
 
 
 strict_rfc821_envelopes = yes
 smtpd_delay_reject      = yes
 disable_vrfy_command    = yes
 
 address_verify_sender            = $double_bounce_sender@$mydomain
+address_verify_sender_ttl        = 24h
 unverified_recipient_defer_code  = 250
 unverified_recipient_reject_code = 550
 
 smtpd_client_restrictions =
     permit_mynetworks
     permit_tls_clientcerts
     # We are the only ones using this proxy, but if things go wrong we
     # want to know why
     defer
 
 smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     reject_invalid_helo_hostname
 
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
 
 smtpd_relay_restrictions =
     reject_non_fqdn_recipient
     reject_unknown_recipient_domain