|  | Commit message (Collapse) | Author | Age | Files | 
|---|
| | |  | 
| | 
| 
| 
| 
| | For some reason giraff doesn't like IPSec.  App-level TLS sessions are
less efficient, but thanks to ansible it still scales well. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | In fact we want to only rewrite the envelope sender:
    :/etc/postfix/main.cf
    # Overwrite local FQDN envelope sender addresses
    sender_canonical_classes       = envelope_sender
    propagate_unmatched_extensions =
    sender_canonical_maps          = cdb:$config_directory/sender_canonical
    :/etc/postfix/sender_canonical
    @elefant.fripost.org     admin@fripost.org
However, when canonical(5) processes a mail sent vias sendmail(1), it
rewrites the envelope sender which seems to *later* be use as From:
header. | 
| | 
| 
| 
| 
| 
| | E.g., ldap.fripost.org, ntp.fripost.org, etc.  (Ideally the DNS zone
would be provisioned by ansible, too.)  It's a bit unclear how to index
the subdomains (mx{1,2,3}, etc), though. | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | And use main.cf's 'master_service_disable' setting to deactivate each
service that's useless for a given instance. (Hence solve conflict when
trying to listen twice on the same port, for instance.) | 
| | 
| 
| 
| 
| 
| 
| | It's unfortunate that samhain cannot use the sendmail binary, and wants
to use a inet socket instead. We use a custom port to avoid
conflicts with the usual SMTP port the MX:es need to listen on.
See also: /usr/share/doc/samhain/TODO.Debian | 
|  | We use a dedicated instance for each role: MDA, MTA out, MX, etc. |