From 5d9d8aec510d894f528b21013b6d099be961faf1 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Dec 2018 03:32:46 +0100 Subject: Upgrade MX baseline to Debian Stretch. --- group_vars/all.yml | 4 +--- roles/MX/templates/etc/postfix/main.cf.j2 | 16 ++++++++++------ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 0406a7e..7386dad 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,9 +1,7 @@ --- non_free_packages: - civett: - - firmware-linux-nonfree elefant: - - firmware-linux-nonfree + - firmware-bnx2 # Virtual (non-routable) IPv4 subnet for IPsec. It is always nullrouted # in the absence of xfrm lookup (i.e., when there is no matching IPsec diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 8362d57..fe51826 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -4,10 +4,12 @@ # {{ ansible_managed }} # Do NOT edit this file directly! -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) -biff = no -readme_directory = no -mail_owner = postfix +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no +readme_directory = no +mail_owner = postfix +compatibility_level = 2 +smtputf8_enable = no delay_warning_time = 4h maximal_queue_lifetime = 5d @@ -157,8 +159,10 @@ smtpd_recipient_restrictions = check_recipient_access ldap:$config_directory/reject-unknown-client-hostname.cf reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99] reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99] - defer_if_reject reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[100..254] - defer_if_reject reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[100..254] + # defer if "abused legit": DBL return code in the 127.0.1.100+ range + defer_if_reject + reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[100..254] + reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[100..254] smtpd_data_restrictions = reject_unauth_pipelining -- cgit v1.2.3