From 55e9b2a0ebc87a353f9c9496a77b313e41e47bd4 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Jul 2014 01:23:01 +0200
Subject: Perform the alias resolution and address validation solely on the
 MX:es.

We can therefore spare some lookups on the MDA, and use static:all
instead.
---
 roles/common/templates/etc/iptables/services.j2 | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'roles/common/templates/etc/iptables/services.j2')

diff --git a/roles/common/templates/etc/iptables/services.j2 b/roles/common/templates/etc/iptables/services.j2
index 4e78d1e..d24b55d 100644
--- a/roles/common/templates/etc/iptables/services.j2
+++ b/roles/common/templates/etc/iptables/services.j2
@@ -20,6 +20,8 @@ out     tcp     636                                     # LDAPS
 {% endif %}
 {% if 'MX' in group_names %}
 in      tcp     25                                      # SMTP
+out     tcp     {{ postfix_instance.IMAP.port }}
+out     tcp     {{ postfix_instance.lists.port }}
 {% endif %}
 {% if 'out' in group_names %}
 in      tcp     {{ postfix_instance.out.port }}
-- 
cgit v1.2.3