From c55ae1e2a93b1debd8df3ef944c2ddc91055c423 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 14 May 2017 15:02:21 +0200 Subject: MSA: reject null sender address. --- roles/MSA/files/etc/postfix/check_sender_access | 1 + roles/MSA/tasks/main.yml | 14 ++++++++++++++ roles/MSA/templates/etc/postfix/main.cf.j2 | 1 + 3 files changed, 16 insertions(+) create mode 100644 roles/MSA/files/etc/postfix/check_sender_access (limited to 'roles/MSA') diff --git a/roles/MSA/files/etc/postfix/check_sender_access b/roles/MSA/files/etc/postfix/check_sender_access new file mode 100644 index 0000000..07d2874 --- /dev/null +++ b/roles/MSA/files/etc/postfix/check_sender_access @@ -0,0 +1 @@ +<> REJECT Null sender not allowed diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml index 3068e1b..6eff2cf 100644 --- a/roles/MSA/tasks/main.yml +++ b/roles/MSA/tasks/main.yml @@ -22,6 +22,20 @@ owner=root group=root mode=0644 +- name: Copy the check_sender_access map + copy: src=etc/postfix/check_sender_access + dest=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access + owner=root group=root + mode=0644 + +- name: Compile the check_sender_access map + # no need to reload upon change, as cleanup(8) is short-running + postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=cdb + owner=root group=root + mode=0644 + notify: + - Reload Postfix + - name: Create directory /etc/postfix/ssl file: path=/etc/postfix-{{ postfix_instance[inst].name }}/ssl state=directory diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 3c040b0..cbd5264 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -96,6 +96,7 @@ smtpd_helo_restrictions = smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain + check_sender_access cdb:$config_directory/check_sender_access smtpd_relay_restrictions = reject_non_fqdn_recipient -- cgit v1.2.3