# HG changeset patch # User IBBoard # Date 1463841133 -3600 # Node ID 28a4e01b904bce732539213cef02fd32b2ef4448 # Parent ef0926ee389ab495626015ab2dc945ff9e0b5bcc Add more Postscreen whitelisting, and a private section diff -r ef0926ee389a -r 28a4e01b904b modules/postfix/files/postscreen_access.cidr --- a/modules/postfix/files/postscreen_access.cidr Sat May 14 17:10:10 2016 +0100 +++ b/modules/postfix/files/postscreen_access.cidr Sat May 21 15:32:13 2016 +0100 @@ -64,4 +64,20 @@ 8.20.114.31 permit 96.43.144.64/28 permit 96.43.148.64/28 permit -96.43.151.64/28 permit \ No newline at end of file +96.43.151.64/28 permit + +# Twitter IPs taken from "dig TXT twitter.com" +199.16.156.0/22 permit +199.59.148.0/22 permit +8.25.194.0/23 permit +8.25.196.0/23 permit +204.92.114.203 permit +204.92.114.204/31 permit +23.21.83.90 permit + +# Twitter IPs taken from "dig TXT _thirdparty.twitter.com" +96.43.144.64/31 permit +96.43.148.64/31 permit +182.50.78.64/28 permit +204.14.232.64/28 permit +204.14.234.64/28 permit \ No newline at end of file diff -r ef0926ee389a -r 28a4e01b904b modules/postfix/manifests/init.pp --- a/modules/postfix/manifests/init.pp Sat May 14 17:10:10 2016 +0100 +++ b/modules/postfix/manifests/init.pp Sat May 21 15:32:13 2016 +0100 @@ -79,6 +79,10 @@ file { '/etc/postfix/postscreen_access.cidr': source => 'puppet:///modules/postfix/postscreen_access.cidr', } + #Private whitelisted IPs for greylisting process + file { '/etc/postfix/postscreen_access_private.cidr': + source => 'puppet:///private/postfix/postscreen_access_private.cidr', + } #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with) file { '/etc/postfix/sender_access': source => 'puppet:///private/postfix/sender_access', diff -r ef0926ee389a -r 28a4e01b904b modules/postfix/templates/main.cf.erb --- a/modules/postfix/templates/main.cf.erb Sat May 14 17:10:10 2016 +0100 +++ b/modules/postfix/templates/main.cf.erb Sat May 21 15:32:13 2016 +0100 
@@ -81,7 +81,7 @@ postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce -postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr +postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr, cidr:/etc/postfix/postscreen_access_private.cidr postscreen_blacklist_action = enforce content_filter = smtp-amavis:[127.0.0.1]:10024 \ No newline at end of file
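Review bot: In modules/postfix/files/postscreen_access.cidr, the added entries 96.43.144.64/31 and 96.43.148.64/31 under the "_thirdparty.twitter.com" comment are already covered by the 96.43.144.64/28 and 96.43.148.64/28 permit lines in the unchanged context directly above, so they are redundant and can be dropped. The two new comments record which dig query the ranges came from but not when it was run; because the entries are a snapshot of a published TXT record, adding the lookup date would show when the list is due for a refresh. The file also still ends without a trailing newline, which is why the untouched 96.43.151.64/28 line appears as removed and re-added in this hunk.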
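Review bot: In modules/postfix/manifests/init.pp, the new comment describes the file as "whitelisted IPs for greylisting process", but the main.cf.erb hunk wires /etc/postfix/postscreen_access_private.cidr into postscreen_access_list, so the comment should name postscreen to match what the file actually feeds. The resource sets only source, like the public file's resource above it; since this one is served from puppet:///private/, confirm that the defaults in effect give it the intended owner and mode, and that the file is present in the private mount before this change is deployed, because main.cf now references the path.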
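Review bot: In modules/postfix/templates/main.cf.erb, the private table is appended as the last item of postscreen_access_list, and postscreen stops searching at the first item that matches the client address, so permit_mynetworks and postscreen_access.cidr always take precedence over the private file. If the private list is meant to be able to override the shared one, place cidr:/etc/postfix/postscreen_access_private.cidr before cidr:/etc/postfix/postscreen_access.cidr; otherwise a short comment above the setting stating the intended precedence would help. Since every permit in these tables lets a client skip the postscreen tests enabled just above (for example postscreen_non_smtp_command_enable), it is also worth noting in that comment that the private file should stay as narrow as the public one.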