From 6dc22513d0e978993c200bd39786cf932c311159 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Fri, 2 Jun 2017 10:06:34 +0200
Subject: postfix: enable XFORWARD command from our internal relays.

---
 roles/common/templates/etc/postfix/master.cf.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/common/templates/etc/postfix/master.cf.j2 b/roles/common/templates/etc/postfix/master.cf.j2
index 71deb29..e2c743d 100644
--- a/roles/common/templates/etc/postfix/master.cf.j2
+++ b/roles/common/templates/etc/postfix/master.cf.j2
@@ -28,9 +28,11 @@ submission inet n       -       -       -       -       smtpd
   -o smtpd_tls_security_level=none
   -o smtpd_sasl_security_options=noanonymous
   -o smtpd_sasl_exceptions_networks=
+  -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128{{ ipsec_subnet is defined | ternary(','+ipsec_subnet, '') }}
 {% endif %}
 {% elif inst in ['IMAP', 'out', 'lists'] %}
 [{{ postfix_instance[inst].addr }}]:{{ postfix_instance[inst].port }} inet n       -       -       -       -       smtpd
+  -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128{{ ipsec_subnet is defined | ternary(','+ipsec_subnet, '') }}
 {% endif %}
 pickup    fifo  n       -       -       60      1       pickup
 cleanup   unix  n       -       -       -       0       cleanup
-- 
cgit v1.2.3