Mercurial > repos > other > Puppet
comparison modules/postfix/templates/master.cf.epp @ 316:84a575614d3c
Correct Postfix PROXY listening (and sending)
Listen on the PROXY address but bind to the public address so
that we don't break SPF checking.
Use "smtpd_…" setting when we're using smtpd not postscreen
May not be fixed because we're still seeing errors, but it should
be correct. Investigating "unsupported protocol type: PROXY TCP4".
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Thu, 27 Feb 2020 21:00:28 +0000 |
parents | 469f2ff92df2 |
children | 6c89e2c3b5aa |
comparison
equal
deleted
inserted
replaced
315:469f2ff92df2 | 316:84a575614d3c |
---|---|
28 | 28 |
29 | 29 |
30 <%- if $mailserver_proxy != undef { -%> | 30 <%- if $mailserver_proxy != undef { -%> |
31 [<%= $mailserver_proxy %>]:smtp inet n - n - 1 postscreen | 31 [<%= $mailserver_proxy %>]:smtp inet n - n - 1 postscreen |
32 -o postscreen_upstream_proxy_protocol=haproxy | 32 -o postscreen_upstream_proxy_protocol=haproxy |
33 -o smtp_bind_address6=<%= $mailserver_ip %> | |
33 -o receive_override_options=no_address_mappings | 34 -o receive_override_options=no_address_mappings |
34 -o smtpd_sasl_auth_enable=no | 35 -o smtpd_sasl_auth_enable=no |
35 | 36 |
36 [<%= $mailserver_proxy %>]:smtps inet n - n - - smtpd | 37 [<%= $mailserver_proxy %>]:smtps inet n - n - - smtpd |
37 -o postscreen_upstream_proxy_protocol=haproxy | 38 -o smtpd_upstream_proxy_protocol=haproxy |
39 -o smtp_bind_address6=<%= $mailserver_ip %> | |
38 -o smtpd_tls_wrappermode=yes | 40 -o smtpd_tls_wrappermode=yes |
39 -o smtpd_sasl_auth_enable=yes | 41 -o smtpd_sasl_auth_enable=yes |
40 -o smtpd_client_restrictions=permit_sasl_authenticated,reject | 42 -o smtpd_client_restrictions=permit_sasl_authenticated,reject |
41 -o milter_macro_daemon_name=ORIGINATING | 43 -o milter_macro_daemon_name=ORIGINATING |
42 | 44 |
43 [<%= $mailserver_proxy %>]:submission inet n - n - - smtpd | 45 [<%= $mailserver_proxy %>]:submission inet n - n - - smtpd |
44 -o postscreen_upstream_proxy_protocol=haproxy | 46 -o smtpd_upstream_proxy_protocol=haproxy |
47 -o smtp_bind_address6=<%= $mailserver_ip %> | |
45 -o smtpd_tls_security_level=encrypt | 48 -o smtpd_tls_security_level=encrypt |
46 -o smtpd_sasl_auth_enable=yes | 49 -o smtpd_sasl_auth_enable=yes |
47 -o smtpd_client_restrictions=permit_sasl_authenticated,reject | 50 -o smtpd_client_restrictions=permit_sasl_authenticated,reject |
48 -o milter_macro_daemon_name=ORIGINATING | 51 -o milter_macro_daemon_name=ORIGINATING |
49 <%- } -%> | 52 <%- } -%> |