summaryrefslogtreecommitdiffstats
path: root/roles/common/templates/etc
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/templates/etc')
-rw-r--r--roles/common/templates/etc/postfix/main.cf.j220
1 files changed, 10 insertions, 10 deletions
diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index 0922b49..59bf0ba 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -11,11 +11,9 @@ mydomain = {{ ansible_domain }}
append_dot_mydomain = no
# This server is for internal use only
-mynetworks_style = host
-inet_interfaces = loopback-only
-inet_protocols = ipv4
-# Tunnel everything through IPSec
-smtp_bind_address = 172.16.0.1
+mynetworks_style = host
+inet_interfaces = loopback-only
+inet_protocols = ipv4
# No local delivery
mydestination =
@@ -33,15 +31,17 @@ smtp_generic_maps = pcre:$config_directory/generic.pcre
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:2525
+# TODO: use a UNIX socket instead
+relay_transport = lmtp:unix:private/mta-out
{% else %}
-relayhost = [outgoing.fripost.org]:2525
+relayhost = [{{ MTA_out.IPv4 }}]:{{ MTA_out.port }}
{% endif %}
+relay_domains =
-# This server is for internal use only; external connections are
-# protected by IPSec already
-smtpd_tls_security_level = none
+# Tunnel everything through IPSec
smtp_tls_security_level = none
+smtp_bind_address = 172.16.0.1
+smtpd_tls_security_level = none
# Turn off all TCP/IP listener ports except that dedicated to
# samhain(8), which sadly cannot use pickup through the sendmail binary.