summaryrefslogtreecommitdiffstats
path: root/roles/MSA
diff options
context:
space:
mode:
Diffstat (limited to 'roles/MSA')
-rw-r--r--roles/MSA/files/etc/postfix/check_sender_access1
-rw-r--r--roles/MSA/tasks/main.yml14
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j21
3 files changed, 16 insertions, 0 deletions
diff --git a/roles/MSA/files/etc/postfix/check_sender_access b/roles/MSA/files/etc/postfix/check_sender_access
new file mode 100644
index 0000000..07d2874
--- /dev/null
+++ b/roles/MSA/files/etc/postfix/check_sender_access
@@ -0,0 +1 @@
+<> REJECT Null sender not allowed
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index 3068e1b..6eff2cf 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -22,6 +22,20 @@
owner=root group=root
mode=0644
+- name: Copy the check_sender_access map
+ copy: src=etc/postfix/check_sender_access
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access
+ owner=root group=root
+ mode=0644
+
+- name: Compile the check_sender_access map
+ # no need to reload upon change, as cleanup(8) is short-running
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=cdb
+ owner=root group=root
+ mode=0644
+ notify:
+ - Reload Postfix
+
- name: Create directory /etc/postfix/ssl
file: path=/etc/postfix-{{ postfix_instance[inst].name }}/ssl
state=directory
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index 3c040b0..cbd5264 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -96,6 +96,7 @@ smtpd_helo_restrictions =
smtpd_sender_restrictions =
reject_non_fqdn_sender
reject_unknown_sender_domain
+ check_sender_access cdb:$config_directory/check_sender_access
smtpd_relay_restrictions =
reject_non_fqdn_recipient