From 4a841439606768e8b8783f4a1bd32096a7bbcd9c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 4 Apr 2018 16:20:03 +0200
Subject: Harden anti spam on the MX:es.

---
 roles/MX/templates/etc/postfix/access-list.cidr.j2 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 roles/MX/templates/etc/postfix/access-list.cidr.j2

(limited to 'roles/MX/templates/etc/postfix/access-list.cidr.j2')

diff --git a/roles/MX/templates/etc/postfix/access-list.cidr.j2 b/roles/MX/templates/etc/postfix/access-list.cidr.j2
new file mode 100644
index 0000000..bd6e3d8
--- /dev/null
+++ b/roles/MX/templates/etc/postfix/access-list.cidr.j2
@@ -0,0 +1,16 @@
+########################################################################
+# Access list, see cidr_table(5)
+#
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+{% if ipsec_subnet is defined %}
+{{ ipsec_subnet }} permit
+{% endif %}
+
+{% for ip in lookup('pipe', 'dig +short outgoing.fripost.org A').splitlines() | sort -%}
+{{ ip }}/32 permit
+{% endfor %}
+{% for ip in lookup('pipe', 'dig +short outgoing.fripost.org AAAA').splitlines() | sort -%}
+{{ ip }}/128 permit
+{% endfor %}
-- 
cgit v1.2.3