Mercurial > repos > other > Puppet
changeset 315:469f2ff92df2
Add a loopback SMTP (for webmail) and strip out other args
By specifying "[ip.add.re.ss]:type" then we're already implicitly
binding to specific IPs
We were also duplicating some values from the config
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Tue, 25 Feb 2020 21:02:48 +0000 |
| parents | 0cddcd21c45e |
| children | 84a575614d3c |
| files | modules/postfix/templates/master.cf.epp |
| diffstat | 1 files changed, 16 insertions(+), 21 deletions(-) [+] |
line wrap: on
line diff
--- a/modules/postfix/templates/master.cf.epp Mon Feb 24 20:53:10 2020 +0000 +++ b/modules/postfix/templates/master.cf.epp Tue Feb 25 21:02:48 2020 +0000 @@ -17,52 +17,47 @@ # ========================================================================== #smtp inet n - n - - smtpd smtpd pass - - n - - smtpd + -o smtpd_sasl_auth_enable=no + +[<%= $lo_ip %>]:smtp inet n - n - 1 smtpd + -o smtpd_sasl_auth_enable=yes + [<%= $mailserver_ip %>]:smtp inet n - n - 1 postscreen - -o smtpd_sasl_auth_enable=yes - -o receive_override_options=no_address_mappings - -o content_filter=smtp-amavis:[<%= $lo_ip %>]:10024 - <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%> - -o smtp_bind_address=<%= $mailserver_ip %> - <%- } else { -%> - -o smtp_bind_address6=<%= $mailserver_ip %> - <%- } -%> + -o receive_override_options=no_address_mappings + -o smtpd_sasl_auth_enable=no + + <%- if $mailserver_proxy != undef { -%> [<%= $mailserver_proxy %>]:smtp inet n - n - 1 postscreen - -o smtp_bind_address6=<%= $mailserver_proxy %> -o postscreen_upstream_proxy_protocol=haproxy + -o receive_override_options=no_address_mappings + -o smtpd_sasl_auth_enable=no + [<%= $mailserver_proxy %>]:smtps inet n - n - - smtpd - -o smtp_bind_address6=<%= $mailserver_proxy %> -o postscreen_upstream_proxy_protocol=haproxy -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING + [<%= $mailserver_proxy %>]:submission inet n - n - - smtpd - -o smtp_bind_address6=<%= $mailserver_proxy %> -o postscreen_upstream_proxy_protocol=haproxy -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING <%- } -%> + tlsproxy unix - - n - 0 tlsproxy dnsblog unix - - n - 0 dnsblog + [<%= $mailserver_ip %>]:submission inet n - n - - smtpd - <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%> - -o smtp_bind_address=<%= $mailserver_ip %> - <%- } else { -%> - -o smtp_bind_address6=<%= $mailserver_ip %> - <%- } -%> -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING + [<%= $mailserver_ip %>]:smtps inet n - n - - smtpd - <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%> - -o smtp_bind_address=<%= $mailserver_ip %> - <%- } else { -%> - -o smtp_bind_address6=<%= $mailserver_ip %> - <%- } -%> -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject