Mercurial > repos > other > Puppet
annotate modules/postfix/templates/main.cf.epp @ 326:63e0b5149cfb
Add fallback relays to Postfix
This allows us to reliably send to IPv4 servers via Mythic-Beasts'
mailserver rather than getting random IPs from the NAT64 servers.
The firewall rules should ensure Postfix doesn't try to send
email out via NAT64 and falls back to the relay. IPv6 will still
go directly.
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sat, 07 Mar 2020 14:29:34 +0000 |
| parents | 0cddcd21c45e |
| children | 8d8dd5c4ec0e |
| rev | line source |
|---|---|
|
314
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 <%- | Stdlib::Host $mailserver, |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 Stdlib::IP::Address $lo_ip, |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 Stdlib::IP::Address $lo_networks, |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
4 Enum['ipv4', 'ipv6', 'all'] $protocols |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 | |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
6 -%> |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
7 data_directory = /var/lib/postfix |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
8 queue_directory = /var/spool/postfix |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
9 command_directory = /usr/sbin |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
10 daemon_directory = /usr/libexec/postfix |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
11 mail_owner = postfix |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
12 myhostname = <%= $mailserver %> |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
13 myorigin = $mydomain |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
14 inet_interfaces = all |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
15 inet_protocols = <%= $protocols %> |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
16 mydestination = $myhostname, localhost.$mydomain, localhost |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
17 smtp_host_lookup = dns, native |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
18 unknown_local_recipient_reject_code = 550 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
19 mynetworks = [<%= $lo_networks %>] |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
20 relay_domains = |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
21 alias_maps = hash:/etc/aliases |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
22 alias_database = hash:/etc/aliases |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
23 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
24 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
25 debug_peer_level = 2 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 debugger_command = |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 ddd $daemon_directory/$process_name $process_id & sleep 5 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
29 sendmail_path = /usr/sbin/sendmail.postfix |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 newaliases_path = /usr/bin/newaliases.postfix |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
31 mailq_path = /usr/bin/mailq.postfix |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
32 setgid_group = postdrop |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
33 html_directory = no |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
34 manpage_directory = /usr/share/man |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
35 smtpd_sasl_type = dovecot |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
36 smtpd_sasl_path = private/auth |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
37 smtpd_sasl_auth_enable = yes |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
38 policy_time_limit = 3600 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
39 smtpd_tls_received_header = yes |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
40 smtpd_tls_security_level = may |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
41 smtpd_tls_auth_only = no |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
42 smtpd_tls_loglevel = 0 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 smtpd_tls_ciphers = high |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 smtpd_tls_exclude_ciphers = aNULL, MD5 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
45 smtpd_tls_protocols = !SSLv2 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
46 smtpd_tls_mandatory_ciphers = high |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
47 smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
48 smtpd_tls_mandatory_protocols = !SSLv2 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
49 smtpd_tls_key_file = /etc/pki/custom/<%= $mailserver %>.key |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
50 smtpd_tls_cert_file = /etc/pki/custom/<%= $mailserver %>.crt |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
51 smtp_tls_CApath = /etc/pki/tls/certs |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
52 smtp_tls_security_level = may |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
53 smtp_tls_ciphers = export |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 smtp_tls_exclude_ciphers = aNULL, MD5 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
55 smtp_tls_protocols = !SSLv2 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
56 smtp_tls_mandatory_ciphers = high |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
57 smtp_tls_mandatory_exclude_ciphers = aNULL, MD5 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
58 smtp_tls_mandatory_protocols = !SSLv2 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
59 tls_preempt_cipherlist = yes |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
60 smtpd_tls_eecdh_grade = strong |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
61 virtual_mailbox_domains = /etc/postfix/vdomains |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
62 virtual_mailbox_base = /var/mail/vhosts |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
63 virtual_mailbox_maps = hash:/etc/postfix/vmailbox |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
64 virtual_uid_maps = static:505 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
65 virtual_gid_maps = static:505 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
66 virtual_alias_maps = hash:/etc/postfix/valias |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
67 recipient_bcc_maps = hash:/etc/postfix/recipient_bcc |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
68 smtpd_helo_required = yes |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
69 smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/helo_whitelist, permit |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
70 smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
71 smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/valias-blacklist, check_recipient_access regexp:/etc/postfix/valias-blacklist-regex, check_policy_service unix:private/policy |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
72 smtpd_data_restrictions = reject_unauth_pipelining |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
73 transport_maps = hash:/etc/postfix/transport |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
74 message_size_limit = 15000000 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
75 header_checks = regexp:/etc/postfix/header_checks |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
76 body_checks = regexp:/etc/postfix/body_checks |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
77 smtp_header_checks = regexp:/etc/postfix/smtp_header_checks |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
78 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
79 # The following may not be used by all versions of Postfix |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
80 postscreen_dnsbl_threshold = 2 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
81 postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
82 postscreen_dnsbl_action = enforce |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
83 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
84 postscreen_greet_banner = Establishing connection... |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
85 postscreen_greet_action = enforce |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
86 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
87 postscreen_pipelining_enable = yes |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
88 postscreen_pipelining_action = enforce |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
89 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
90 postscreen_non_smtp_command_enable = yes |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
91 postscreen_non_smtp_command_action = enforce |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
92 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
93 postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access_private.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
94 postscreen_blacklist_action = enforce |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
95 |
|
0cddcd21c45e
Add forgotten "EPP" format template files
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
96 content_filter = smtp-amavis:[<%= $lo_ip %>]:10024 |