summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/files/etc/postfix/master.cf1
-rw-r--r--roles/common/templates/etc/iptables/services.j23
-rw-r--r--roles/common/templates/etc/postfix/main.cf.j28
3 files changed, 8 insertions, 4 deletions
diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf
index 4fdbff3..e845371 100644
--- a/roles/common/files/etc/postfix/master.cf
+++ b/roles/common/files/etc/postfix/master.cf
@@ -39,6 +39,7 @@ lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
127.0.0.1:16132 inet n - - - - smtpd
+2525 inet n - - - - smtpd
2526 inet n - - - - smtpd
2527 inet n - - - - smtpd
-o mynetworks=0.0.0.0/0
diff --git a/roles/common/templates/etc/iptables/services.j2 b/roles/common/templates/etc/iptables/services.j2
index 4e21dfc..923aa35 100644
--- a/roles/common/templates/etc/iptables/services.j2
+++ b/roles/common/templates/etc/iptables/services.j2
@@ -19,6 +19,9 @@ in tcp {{ ansible_ssh_port|default('22') }} # SSH
{% if 'MX' in group_names %}
in tcp 25 # SMTP
{% endif %}
+{% if 'out' in group_names %}
+#out tcp 25 # SMTP
+{% endif %}
{% if 'IMAP' in group_names %}
in tcp 993 # IMAPS
in tcp 4190 # ManageSieve
diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index e594c1e..70d4b98 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -31,16 +31,16 @@ virtual_alias_maps = cdb:/etc/aliases
alias_database = $virtual_alias_maps
# Forward everything to our internal mailhub
-{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
+{% if 'out' in group_names %}
+relayhost = [127.0.0.1]:{{ postfix_instance.out.port }}
{% else %}
-relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
+relayhost = [outgoing.fripost.org]:{{ postfix_instance.out.port }}
{% endif %}
relay_domains =
# Tunnel everything through IPSec
smtp_tls_security_level = none
-{% if 'MTA-out' in group_names %}
+{% if 'out' in group_names %}
smtp_bind_address = 127.0.0.1
{% else %}
smtp_bind_address = 172.16.0.1