make postscreen optional (default is activated)

0b5a40e5 · Hinrikus Wolf · 3a61c9f3 · 0b5a40e5 · 0b5a40e5 · 0b5a40e5
Commit 0b5a40e5 authored Jul 21, 2019 by Hinrikus Wolf
--- a/postfix/defaults/main.yml
+++ b/postfix/defaults/main.yml
@@ -12,6 +12,8 @@ postfix_tls_key: /etc/ssl/private/privkey.pem
 postfix_tls_configuration: 'previous'

 postfix_prefer_lmtp: false
+
+postfix_enable_postscreen: true
 postfix_enable_memcached: false
 postfix_login_suffix: ''
 postfix_dnsbl_sites:

--- a/postfix/templates/main.cf.j2
+++ b/postfix/templates/main.cf.j2
@@ -32,7 +32,7 @@ smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 smtpd_sasl_auth_enable = yes
-smtpd_relay_restrictions = 
+smtpd_relay_restrictions =
 	permit_mynetworks
 	permit_sasl_authenticated
 	defer_unauth_destination
@@ -78,11 +78,12 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp
 virtual_gid_maps = static:5000
 {% endif %}

+{% if postfix_enable_postscreen %}
 postscreen_access_list = permit_mynetworks
                         cidr:/etc/postfix/postscreen_access.cidr
 {% if postfix_enable_memcached %}
 postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
-proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache 
+proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
 {% else %}
 postscreen_cache_map = proxy:btree:/var/lib/postfix/postscreen_cache
 {% endif %}
@@ -97,7 +98,7 @@ postscreen_non_smtp_command_enable = yes
 # postscreen_non_smtp_command_action = drop
 postscreen_bare_newline_enable = yes
 postscreen_bare_newline_action = drop
- 
+
 postscreen_dnsbl_action = enforce
 postscreen_dnsbl_threshold = 2
 postscreen_dnsbl_whitelist_threshold = -1
@@ -105,3 +106,4 @@ postscreen_dnsbl_sites =
 {% for site in postfix_dnsbl_sites %}
 	{{ site.name }}*{{ site.modifier|default(1) }}
 {% endfor %}
+{% endif %}
--- a/postfix/templates/master.cf.j2
+++ b/postfix/templates/master.cf.j2
@@ -9,15 +9,18 @@
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================

-#smtp     inet  n       -       y       -       -       smtpd
+{% if postfix_enable_postscreen %}
 smtp      inet  n       -       y       -       1       postscreen
+{% else %}
+smtp     inet  n       -       y       -       -       smtpd
+{% endif %}
 smtpd     pass  -       -       y       -       -       smtpd
 {% if postfix_content_filter %}
  -o content_filter={{ postfix_content_filter }}
 {% endif %}
 dnsblog   unix  -       -       y       -       0       dnsblog
 tlsproxy  unix  -       -       y       -       0       tlsproxy
-submission inet n       -       y       -       -       smtpd 
+submission inet n       -       y       -       -       smtpd
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject