# HG changeset patch # User IBBoard # Date 1582664568 0 # Node ID 469f2ff92df27a644ef7b01c428cb0e6bc925d48 # Parent 0cddcd21c45e99029caba3264f4a8c6a4e454415 Add a loopback SMTP (for webmail) and strip out other args By specifying "[ip.add.re.ss]:type" then we're already implicitly binding to specific IPs We were also duplicating some values from the config diff -r 0cddcd21c45e -r 469f2ff92df2 modules/postfix/templates/master.cf.epp --- a/modules/postfix/templates/master.cf.epp Mon Feb 24 20:53:10 2020 +0000 +++ b/modules/postfix/templates/master.cf.epp Tue Feb 25 21:02:48 2020 +0000 
@@ -17,52 +17,47 @@ # ========================================================================== #smtp inet n - n - - smtpd smtpd pass - - n - - smtpd + -o smtpd_sasl_auth_enable=no + +[<%= $lo_ip %>]:smtp inet n - n - 1 smtpd + -o smtpd_sasl_auth_enable=yes + [<%= $mailserver_ip %>]:smtp inet n - n - 1 postscreen - -o smtpd_sasl_auth_enable=yes - -o receive_override_options=no_address_mappings - -o content_filter=smtp-amavis:[<%= $lo_ip %>]:10024 - <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%> - -o smtp_bind_address=<%= $mailserver_ip %> - <%- } else { -%> - -o smtp_bind_address6=<%= $mailserver_ip %> - <%- } -%> + -o receive_override_options=no_address_mappings + -o smtpd_sasl_auth_enable=no + + <%- if $mailserver_proxy != undef { -%> [<%= $mailserver_proxy %>]:smtp inet n - n - 1 postscreen - -o smtp_bind_address6=<%= $mailserver_proxy %> -o postscreen_upstream_proxy_protocol=haproxy + -o receive_override_options=no_address_mappings + -o smtpd_sasl_auth_enable=no + [<%= $mailserver_proxy %>]:smtps inet n - n - - smtpd - -o smtp_bind_address6=<%= $mailserver_proxy %> -o postscreen_upstream_proxy_protocol=haproxy -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING + [<%= $mailserver_proxy %>]:submission inet n - n - - smtpd - -o smtp_bind_address6=<%= $mailserver_proxy %> -o postscreen_upstream_proxy_protocol=haproxy -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING <%- } -%> + tlsproxy unix - - n - 0 tlsproxy dnsblog unix - - n - 0 dnsblog + [<%= $mailserver_ip %>]:submission inet n - n - - smtpd - <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%> - -o smtp_bind_address=<%= $mailserver_ip %> - <%- } else { -%> - -o smtp_bind_address6=<%= $mailserver_ip %> - <%- } -%> -o smtpd_tls_security_level=encrypt -o 
smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING + [<%= $mailserver_ip %>]:smtps inet n - n - - smtpd - <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%> - -o smtp_bind_address=<%= $mailserver_ip %> - <%- } else { -%> - -o smtp_bind_address6=<%= $mailserver_ip %> - <%- } -%> -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
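Review bot: The new `[<%= $lo_ip %>]:smtp` entry sets `-o smtpd_sasl_auth_enable=yes` but, unlike the submission and smtps entries in this hunk, has no `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` and no `-o milter_macro_daemon_name=ORIGINATING`. As written, this entry offers authentication on the loopback listener without requiring it, and whether unauthenticated local clients are accepted depends entirely on main.cf. If this is meant to be an authenticated webmail submission path, add both overrides here; if loopback clients are trusted through main.cf instead, a template comment saying so would make that explicit. The same entry carries `1` in the maxproc column, which postscreen requires but which limits this smtpd listener to one connection at a time; `-` would use the default process limit. On the unchanged proxy lines, the `smtps` and `submission` entries run `smtpd` yet pass `-o postscreen_upstream_proxy_protocol=haproxy`; smtpd reads `smtpd_upstream_proxy_protocol`, so those two overrides likely need that name. Finally, since `-o content_filter=smtp-amavis:[<%= $lo_ip %>]:10024` is removed from the public postscreen entry as a duplicate, confirm main.cf really sets it, because nothing else in this hunk routes inbound mail through the filter.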