changeset 107:28a4e01b904b puppet-3.6

Add more Postscreen whitelisting, and a private section
author IBBoard <dev@ibboard.co.uk>
date Sat, 21 May 2016 15:32:13 +0100
parents ef0926ee389a
children 5c6edfab92d6
files modules/postfix/files/postscreen_access.cidr modules/postfix/manifests/init.pp modules/postfix/templates/main.cf.erb
diffstat 3 files changed, 22 insertions(+), 2 deletions(-) [+]
--- a/modules/postfix/files/postscreen_access.cidr	Sat May 14 17:10:10 2016 +0100
+++ b/modules/postfix/files/postscreen_access.cidr	Sat May 21 15:32:13 2016 +0100
@@ -64,4 +64,20 @@
 8.20.114.31 permit
 96.43.144.64/28 permit
 96.43.148.64/28 permit
-96.43.151.64/28 permit
\ No newline at end of file
+96.43.151.64/28 permit
+
+# Twitter IPs taken from "dig TXT twitter.com"
+199.16.156.0/22 permit
+199.59.148.0/22 permit
+8.25.194.0/23 permit
+8.25.196.0/23 permit
+204.92.114.203 permit
+204.92.114.204/31 permit
+23.21.83.90 permit
+
+# Twitter IPs taken from "dig TXT _thirdparty.twitter.com"
+96.43.144.64/31 permit
+96.43.148.64/31 permit
+182.50.78.64/28 permit
+204.14.232.64/28 permit
+204.14.234.64/28 permit
\ No newline at end of file
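Review bot: The two `/31` entries added under the `_thirdparty.twitter.com` comment (`96.43.144.64/31` and `96.43.148.64/31`) fall inside the `96.43.144.64/28` and `96.43.148.64/28` ranges already permitted in the context lines at the top of this hunk, so they add nothing and can be dropped. More broadly, every `permit` here exempts the address from all postscreen tests, and these ranges are a point-in-time copy of an SPF record. The comments should record when the lookup was made so stale entries can be audited, e.g. `# Twitter IPs taken from "dig TXT twitter.com" on <lookup date>`. The single host `23.21.83.90` appears to sit in shared cloud address space rather than a Twitter-owned block, so it is worth confirming it is still published before keeping a permanent exemption.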
--- a/modules/postfix/manifests/init.pp	Sat May 14 17:10:10 2016 +0100
+++ b/modules/postfix/manifests/init.pp	Sat May 21 15:32:13 2016 +0100
@@ -79,6 +79,10 @@
   file { '/etc/postfix/postscreen_access.cidr':
     source => 'puppet:///modules/postfix/postscreen_access.cidr',
   }
+  #Private whitelisted IPs for greylisting process
+  file { '/etc/postfix/postscreen_access_private.cidr':
+    source => 'puppet:///private/postfix/postscreen_access_private.cidr',
+  }
   #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with)
   file { '/etc/postfix/sender_access':
     source => 'puppet:///private/postfix/sender_access',
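Review bot: The new `postscreen_access_private.cidr` resource shows no `notify` and no ordering relative to `main.cf`, and postscreen reads a cidr table only when it starts, so an updated list will not take effect until Postfix is reloaded. Unless a resource default outside this hunk already covers it, add a reload trigger such as `notify => Service['<postfix service resource>'],` (placeholder name) to this resource. The comment would also be more accurate as `#Private whitelisted IPs that bypass postscreen tests`, since the file is wired into `postscreen_access_list` rather than a greylisting policy. The enclosing class starts and ends outside the hunk, so any existing defaults for owner, mode or notify are not visible here.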
--- a/modules/postfix/templates/main.cf.erb	Sat May 14 17:10:10 2016 +0100
+++ b/modules/postfix/templates/main.cf.erb	Sat May 21 15:32:13 2016 +0100
@@ -81,7 +81,7 @@
 postscreen_non_smtp_command_enable = yes
 postscreen_non_smtp_command_action = enforce
 
-postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
+postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr, cidr:/etc/postfix/postscreen_access_private.cidr
 postscreen_blacklist_action = enforce
 
 content_filter = smtp-amavis:[127.0.0.1]:10024
\ No newline at end of file
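Review bot: `postscreen_access_list` stops at the first entry that matches, so with the private table placed last a `reject` in `postscreen_access_private.cidr` can never override a `permit` from the public file, and the relationship between the two lists is not documented. If the private list is meant to hold overrides, it should come before `cidr:/etc/postfix/postscreen_access.cidr`. Otherwise add a comment line above the setting such as `# Searched in order, first match wins: public list, then site-private list`. This line also makes postscreen depend on the private file being present, so it is worth checking that the manifest deploys that file before this template is applied.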