Mercurial > repos > other > Puppet
comparison modules/postfix/templates/master.cf.epp @ 316:84a575614d3c
Correct Postfix PROXY listening (and sending)
Listen on the PROXY address but bind to the public address so
that we don't break SPF checking.
Use "smtpd_…" setting when we're using smtpd not postscreen
May not be fixed because we're still seeing errors, but it should
be correct. Investigating "unsupported protocol type: PROXY TCP4".
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Thu, 27 Feb 2020 21:00:28 +0000 |
| parents | 469f2ff92df2 |
| children | 6c89e2c3b5aa |
comparison
equal
deleted
inserted
replaced
| 315:469f2ff92df2 | 316:84a575614d3c |
|---|---|
| 28 | 28 |
| 29 | 29 |
| 30 <%- if $mailserver_proxy != undef { -%> | 30 <%- if $mailserver_proxy != undef { -%> |
| 31 [<%= $mailserver_proxy %>]:smtp inet n - n - 1 postscreen | 31 [<%= $mailserver_proxy %>]:smtp inet n - n - 1 postscreen |
| 32 -o postscreen_upstream_proxy_protocol=haproxy | 32 -o postscreen_upstream_proxy_protocol=haproxy |
| 33 -o smtp_bind_address6=<%= $mailserver_ip %> | |
| 33 -o receive_override_options=no_address_mappings | 34 -o receive_override_options=no_address_mappings |
| 34 -o smtpd_sasl_auth_enable=no | 35 -o smtpd_sasl_auth_enable=no |
| 35 | 36 |
| 36 [<%= $mailserver_proxy %>]:smtps inet n - n - - smtpd | 37 [<%= $mailserver_proxy %>]:smtps inet n - n - - smtpd |
| 37 -o postscreen_upstream_proxy_protocol=haproxy | 38 -o smtpd_upstream_proxy_protocol=haproxy |
| 39 -o smtp_bind_address6=<%= $mailserver_ip %> | |
| 38 -o smtpd_tls_wrappermode=yes | 40 -o smtpd_tls_wrappermode=yes |
| 39 -o smtpd_sasl_auth_enable=yes | 41 -o smtpd_sasl_auth_enable=yes |
| 40 -o smtpd_client_restrictions=permit_sasl_authenticated,reject | 42 -o smtpd_client_restrictions=permit_sasl_authenticated,reject |
| 41 -o milter_macro_daemon_name=ORIGINATING | 43 -o milter_macro_daemon_name=ORIGINATING |
| 42 | 44 |
| 43 [<%= $mailserver_proxy %>]:submission inet n - n - - smtpd | 45 [<%= $mailserver_proxy %>]:submission inet n - n - - smtpd |
| 44 -o postscreen_upstream_proxy_protocol=haproxy | 46 -o smtpd_upstream_proxy_protocol=haproxy |
| 47 -o smtp_bind_address6=<%= $mailserver_ip %> | |
| 45 -o smtpd_tls_security_level=encrypt | 48 -o smtpd_tls_security_level=encrypt |
| 46 -o smtpd_sasl_auth_enable=yes | 49 -o smtpd_sasl_auth_enable=yes |
| 47 -o smtpd_client_restrictions=permit_sasl_authenticated,reject | 50 -o smtpd_client_restrictions=permit_sasl_authenticated,reject |
| 48 -o milter_macro_daemon_name=ORIGINATING | 51 -o milter_macro_daemon_name=ORIGINATING |
| 49 <%- } -%> | 52 <%- } -%> |