From b5894c224ea973e8d80f249b4f82e9c381fbac6b Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 14 May 2015 23:25:21 +0200
Subject: Upgrade Postfix config to Jessie (MSA & outgoing proxy).
---
roles/MSA/templates/etc/postfix/main.cf.j2 | 9 +++++----
roles/common/files/etc/logcheck/ignore.d.server/postfix-local | 2 +-
roles/out/templates/etc/postfix/main.cf.j2 | 9 +++++----
3 files changed, 11 insertions(+), 9 deletions(-)
(limited to 'roles')
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index b23d6bb..8ebefde 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -112,14 +112,15 @@ smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain -smtpd_recipient_restrictions = - # RFC requirements - reject_non_fqdn_recipient - reject_unknown_recipient_domain +smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject +smtpd_recipient_restrictions = + reject_non_fqdn_recipient + reject_unknown_recipient_domain + smtpd_data_restrictions = reject_unauth_pipelining
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
index 7632e0f..d85979a 100644
--- a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
+++ b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
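Review bot: In roles/MSA/templates/etc/postfix/main.cf.j2 the `# RFC requirements` comment is removed and nothing documents the new split: smtpd_relay_restrictions is now the only list that denies relaying, and smtpd_recipient_restrictions no longer ends in a `reject`. I would add above the new parameter `# Relay access control (Postfix >= 2.10): must end in "reject"; smtpd_recipient_restrictions below only does RFC sanity checks`, so a later edit does not drop the final `reject`. The same applies to the matching hunk in roles/out/templates/etc/postfix/main.cf.j2. Whether `permit_mynetworks` is appropriate on the submission service depends on `mynetworks`, which is set outside this hunk and should be confirmed to cover only the hosts meant to submit without authentication.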
@@ -19,7 +19,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/n?qmgr\[[[:digit:]]+\]: [[:alnum:]]+: removed$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/n?qmgr\[[[:digit:]]+\]: [[:alnum:]]+: skipped, still being delivered$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-msa/smtpd\[[[:digit:]]+\]: lost connection after (AUTH|DATA \([[:digit:]]+ bytes\)) from [._[:alnum:]-]+\[[[:digit:].]{7,15}\]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-(msa|mx)/smtpd\[[[:digit:]]+\]: lost connection after (CONNECT|STARTTLS) from [._[:alnum:]-]+\[([[:digit:].]{7,15}|unknown)\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-\w+/smtpd\[[[:digit:]]+\]: lost connection after (CONNECT|STARTTLS) from [._[:alnum:]-]+\[([[:digit:].]{7,15}|unknown)\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-msa/cleanup\[[[:digit:]]+\]: [[:xdigit:]]{10}: replace: header\s
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-msa/smtpd\[[[:digit:]]+\]: [[:xdigit:]]{10}: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+(, sasl_sender=[-_.@[:alnum:]]+)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-msa/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (PLAIN|LOGIN) authentication failed(:[ [:alnum:]]*)?$
diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
index 23a1de2..da8ed48 100644
--- a/roles/out/templates/etc/postfix/main.cf.j2
+++ b/roles/out/templates/etc/postfix/main.cf.j2
@@ -80,14 +80,15 @@ smtpd_helo_restrictions = smtpd_sender_restrictions = reject_non_fqdn_sender -smtpd_recipient_restrictions = - # RFC requirements - reject_non_fqdn_recipient - reject_unknown_recipient_domain +smtpd_relay_restrictions = permit_mynetworks permit_tls_clientcerts reject +smtpd_recipient_restrictions = + reject_non_fqdn_recipient + reject_unknown_recipient_domain + smtpd_data_restrictions = reject_unauth_pipelining
--
cgit v1.2.3
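Review bot: The widened pattern `postfix-\w+/smtpd` on the added line suppresses "lost connection after CONNECT/STARTTLS" for every Postfix instance, including any added later, whereas the old rule named the two instances it covered. On an instance that only accepts authenticated internal peers, a dropped STARTTLS is probably worth seeing in the logcheck report, since it can indicate a certificate or handshake problem between your own hosts. I would keep the list explicit, for example `postfix-(msa|mx|out)/smtpd` if the outgoing proxy logs as postfix-out (the instance name is not visible in this diff).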
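Review bot: In roles/out/templates/etc/postfix/main.cf.j2 the new smtpd_relay_restrictions makes `permit_tls_clientcerts` the only way in besides `permit_mynetworks`, and the settings it depends on are outside this hunk. It is worth confirming that `relay_clientcerts` lists only the intended hosts and that the fingerprint digest is set explicitly, e.g. `smtpd_tls_fingerprint_digest = sha256`, because the default in Postfix of this generation is md5. A one-line comment above `smtpd_relay_restrictions` naming where the accepted fingerprints come from would help the next reader.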