From 6e39bad3fbe75b88fca4c2e2aad8eb51af14b1be Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 31 May 2017 21:42:32 +0200 Subject: Don't let authenticated client use arbitrary sender addresses. The following policy is now implemented: * users can use their SASL login name as sender address; * alias and/or list owners can use the address as envelope sender; * domain postmasters can use arbitrary sender addresses under their domains; * domain owners can use arbitrary sender addresses under their domains, unless it is also an existing account name; * for known domains without owner or postmasters, other sender addresses are not allowed; and * arbitrary sender addresses under unknown domains are allowed. --- roles/webmail/tasks/roundcube.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'roles/webmail') diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml index 4c7ac8d..5f41ba0 100644 --- a/roles/webmail/tasks/roundcube.yml +++ b/roles/webmail/tasks/roundcube.yml @@ -83,8 +83,11 @@ - { var: imap_force_ns, value: "true" } - { var: messages_cache, value: "false" } # SMTP - - { var: smtp_server, value: "'{{ postfix_instance.out.addr | ipaddr }}'" } - - { var: smtp_port, value: "{{ postfix_instance.out.port }}" } + - { var: smtp_server, value: "'{{ postfix_instance.MSA.addr | ipaddr }}'" } + - { var: smtp_port, value: "{{ postfix_instance.MSA.port }}" } + - { var: smtp_auth_type, value: "'PLAIN'" } + - { var: smtp_user, value: "'%u'" } + - { var: smtp_pass, value: "'%p'" } # System - { var: force_https, value: "true" } - { var: login_autocomplete, value: "2" } -- cgit v1.2.3