From 1387b69c898cb93fd0343603f92670b40b88eb04 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 1 Dec 2013 16:35:46 +0100
Subject: Use a dedicated SMTP port for samhain.

It's unfortunate that samhain cannot use the sendmail binary, and wants
to use a inet socket instead. We use a custom port to avoid
conflicts with the usual SMTP port the MX:es need to listen on.
See also: /usr/share/doc/samhain/TODO.Debian
---
 roles/common/templates/etc/postfix/main.cf.j2 | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'roles/common/templates/etc/postfix/main.cf.j2')

diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index 3169ac6..0922b49 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -43,6 +43,10 @@ relayhost = [outgoing.fripost.org]:2525
 smtpd_tls_security_level = none
 smtp_tls_security_level  = none
 
+# Turn off all TCP/IP listener ports except that dedicated to
+# samhain(8), which sadly cannot use pickup through the sendmail binary.
+master_service_disable = !16132.inet inet
+
 {% set multi_instance = False %}
 {%- for g in postfix_instance.keys() | sort -%}
   {%- if g in group_names -%}
-- 
cgit v1.2.3