From bf960a066466d7719ada8fe7bc3dec99d237b88a Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 10 Jul 2016 05:13:33 +0200
Subject: Route all internal SMTP traffic through IPsec.

---
 roles/MX/templates/etc/postfix/main.cf.j2           | 20 +-------------------
 roles/MX/templates/etc/postfix/virtual/transport.j2 | 13 ++-----------
 2 files changed, 3 insertions(+), 30 deletions(-)

(limited to 'roles/MX/templates')

diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index a5caf46..718be00 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -36,11 +36,7 @@ message_size_limit  = 67108864
 recipient_delimiter = +
 
 # Forward everything to our internal outgoing proxy
-{% if 'out' in group_names %}
-relayhost     = [127.0.0.1]:{{ postfix_instance.out.port }}
-{% else %}
-relayhost     = [outgoing.fripost.org]:{{ postfix_instance.out.port }}
-{% endif %}
+relayhost     = [{{ postfix_instance.out.addr | ipaddr }}]:{{ postfix_instance.out.port }}
 relay_domains =
 
 
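Review bot: The bare `ipaddr` filter on the new `relayhost` line does not abort templating when `postfix_instance.out.addr` is missing or malformed; it evaluates to false, so the rendered line would read `relayhost = [False]:<port>` and Postfix would be deployed with a relay target that is not the IPsec endpoint. The same pattern is used on the two new `transport.j2` lines for `mda.fripost.org` and `sympa.fripost.org`. Because the commit depends on these addresses being the ones covered by the IPsec policy, a bad value should stop the play, for example with an `assert` task whose condition is `postfix_instance.out.addr | ipaddr('address')` (and likewise for `IMAP` and `lists`), run before the templates are rendered. The variable definitions are outside this path-limited diff, so such a check may already exist elsewhere.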
@@ -73,21 +69,7 @@ reserved-alias_destination_recipient_limit = 1
 smtp_data_done_timeout           = 1200s
 
 
-{% if 'out' in group_names %}
 smtp_tls_security_level         = none
-smtp_bind_address               = 127.0.0.1
-{% else %}
-smtp_tls_security_level         = encrypt
-smtp_tls_ciphers                = high
-smtp_tls_protocols              = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_exclude_ciphers        = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
-smtp_tls_cert_file              = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
-smtp_tls_key_file               = /etc/postfix/ssl/{{ ansible_fqdn }}.key
-smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
-smtp_tls_policy_maps            = cdb:/etc/postfix/tls_policy
-smtp_tls_fingerprint_digest     = sha256
-{% endif %}
-
 smtpd_tls_security_level        = may
 smtpd_tls_ciphers               = medium
 smtpd_tls_protocols             = !SSLv2, !SSLv3
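Review bot: `smtp_tls_security_level = none` is now unconditional and carries no comment explaining why cleartext SMTP is acceptable here. The removed block enforced `encrypt` with a `smtp_tls_policy_maps` table and a `sha256` fingerprint digest, so encryption and peer authentication of the hop to the outgoing proxy now rest entirely on the IPsec policy, which this diff does not show. I would add a comment above the setting, such as `# No TLS on purpose: the relayhost is reachable only over IPsec; the IPsec/firewall policy must drop, not pass, this traffic when no SA is established.` It would also help to confirm that the policy fails closed, since Postfix will no longer refuse delivery if the tunnel is absent.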
diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2
index 49f3696..126cb72 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport.j2
+++ b/roles/MX/templates/etc/postfix/virtual/transport.j2
@@ -17,14 +17,5 @@
 reserved.fripost.org    reserved-alias:
 discard.fripost.org     discard:
 
-{% if 'LDA' in group_names %}
-mda.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.IMAP.port }}
-{% else %}
-mda.fripost.org smtp:[mda.fripost.org]:{{ postfix_instance.IMAP.port }}
-{% endif %}
-
-{% if 'lists' in group_names %}
-sympa.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }}
-{% else %}
-sympa.fripost.org smtp:[lists.fripost.org]:{{ postfix_instance.lists.port }}
-{% endif %}
+mda.fripost.org   smtp:[{{ postfix_instance.IMAP.addr  | ipaddr }}]:{{ postfix_instance.IMAP.port  }}
+sympa.fripost.org smtp:[{{ postfix_instance.lists.addr | ipaddr }}]:{{ postfix_instance.lists.port }}
-- 
cgit v1.2.3