Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
infra
ansible-shared
communication
Commits
0b5a40e5
Commit
0b5a40e5
authored
Jul 21, 2019
by
Hinrikus Wolf
Browse files
make postscreen optional (default is activated)
parent
3a61c9f3
Changes
3
Hide whitespace changes
Inline
Side-by-side
postfix/defaults/main.yml
View file @
0b5a40e5
...
...
@@ -12,6 +12,8 @@ postfix_tls_key: /etc/ssl/private/privkey.pem
postfix_tls_configuration
:
'
previous'
postfix_prefer_lmtp
:
false
postfix_enable_postscreen
:
true
postfix_enable_memcached
:
false
postfix_login_suffix
:
'
'
postfix_dnsbl_sites
:
...
...
postfix/templates/main.cf.j2
View file @
0b5a40e5
...
...
@@ -32,7 +32,7 @@ smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions =
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
...
...
@@ -78,11 +78,12 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_gid_maps = static:5000
{% endif %}
{% if postfix_enable_postscreen %}
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access.cidr
{% if postfix_enable_memcached %}
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
{% else %}
postscreen_cache_map = proxy:btree:/var/lib/postfix/postscreen_cache
{% endif %}
...
...
@@ -97,7 +98,7 @@ postscreen_non_smtp_command_enable = yes
# postscreen_non_smtp_command_action = drop
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -1
...
...
@@ -105,3 +106,4 @@ postscreen_dnsbl_sites =
{% for site in postfix_dnsbl_sites %}
{{ site.name }}*{{ site.modifier|default(1) }}
{% endfor %}
{% endif %}
postfix/templates/master.cf.j2
View file @
0b5a40e5
...
...
@@ -9,15 +9,18 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
#smtp inet n - y - - smtpd
{% if postfix_enable_postscreen %}
smtp inet n - y - 1 postscreen
{% else %}
smtp inet n - y - - smtpd
{% endif %}
smtpd pass - - y - - smtpd
{% if postfix_content_filter %}
-o content_filter={{ postfix_content_filter }}
{% endif %}
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
submission inet n - y - - smtpd
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment