From 170dc68f9275dffb48fbe3f8ebb2183cd7ddf111 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 1 Jul 2014 14:38:52 +0200
Subject: Outgoing SMTP proxy.
---
 roles/common/files/etc/postfix/master.cf | 1 +
 roles/common/templates/etc/iptables/services.j2 | 3 +++
 roles/common/templates/etc/postfix/main.cf.j2 | 8 ++++----
 3 files changed, 8 insertions(+), 4 deletions(-) (limited to 'roles/common')
diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf
index 4fdbff3..e845371 100644
--- a/roles/common/files/etc/postfix/master.cf
+++ b/roles/common/files/etc/postfix/master.cf
@@ -39,6 +39,7 @@ lmtp unix - - - - - lmtp
 anvil unix - - - - 1 anvil
 scache unix - - - - 1 scache
 127.0.0.1:16132 inet n - - - - smtpd
+2525 inet n - - - - smtpd
 2526 inet n - - - - smtpd
 2527 inet n - - - - smtpd
  -o mynetworks=0.0.0.0/0
diff --git a/roles/common/templates/etc/iptables/services.j2 b/roles/common/templates/etc/iptables/services.j2
index 4e21dfc..923aa35 100644
--- a/roles/common/templates/etc/iptables/services.j2
+++ b/roles/common/templates/etc/iptables/services.j2
@@ -19,6 +19,9 @@ in tcp {{ ansible_ssh_port|default('22') }} # SSH
 {% if 'MX' in group_names %}
 in tcp 25 # SMTP
 {% endif %}
+{% if 'out' in group_names %}
+#out tcp 25 # SMTP
+{% endif %}
 {% if 'IMAP' in group_names %}
 in tcp 993 # IMAPS
 in tcp 4190 # ManageSieve
diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index e594c1e..70d4b98 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
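Review bot: In the master.cf hunk, the added `2525 inet n - - - - smtpd` entry has no address prefix and no `-o` overrides, so the listener binds every interface and takes its whole relay policy from main.cf, unlike the loopback-bound `127.0.0.1:16132` entry just above it. Because the file lives under roles/common/files, the service presumably starts on every host that receives the role rather than only on hosts in the 'out' group, and nothing visible in this commit states who is allowed to connect. If only IPSec peers are meant to reach it, record that above the entry, e.g. `# 2525: outgoing SMTP proxy, reachable over IPSec only`, and consider pinning the policy on the service itself with a continuation line such as `-o smtpd_client_restrictions=permit_mynetworks,reject`, after confirming what `mynetworks` resolves to on these hosts.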
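Review bot: In the services.j2 hunk, the new `{% if 'out' in group_names %}` block renders only `#out tcp 25 # SMTP`, which appears to be a commented-out rule, so the conditional has no effect on the generated ruleset. The hunk does not say whether outbound port 25 is already permitted some other way or whether the rule is a placeholder, and someone auditing egress from the outgoing proxy cannot tell which. Either enable the rule or put the reason on the line above it, for example `# outbound SMTP rule left disabled: <reason>`.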
@@ -31,16 +31,16 @@ virtual_alias_maps = cdb:/etc/aliases
 alias_database = $virtual_alias_maps
 # Forward everything to our internal mailhub
-{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
+{% if 'out' in group_names %}
+relayhost = [127.0.0.1]:{{ postfix_instance.out.port }}
 {% else %}
-relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
+relayhost = [outgoing.fripost.org]:{{ postfix_instance.out.port }}
 {% endif %}
 relay_domains =
 # Tunnel everything through IPSec
 smtp_tls_security_level = none
-{% if 'MTA-out' in group_names %}
+{% if 'out' in group_names %}
 smtp_bind_address = 127.0.0.1
 {% else %}
 smtp_bind_address = 172.16.0.1
-- 
cgit v1.2.3