changeset 316:84a575614d3c
Correct Postfix PROXY listening (and sending)
Listen on the PROXY address but bind to the public address so
that we don't break SPF checking.
Use "smtpd_…" setting when we're using smtpd not postscreen
May not be fixed because we're still seeing errors, but it should
be correct. Investigating "unsupported protocol type: PROXY TCP4".
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Thu, 27 Feb 2020 21:00:28 +0000 |
parents | 469f2ff92df2 |
children | 2a20a5b7f65a |
files | modules/postfix/templates/master.cf.epp |
diffstat | 1 files changed, 5 insertions(+), 2 deletions(-) |
--- a/modules/postfix/templates/master.cf.epp Tue Feb 25 21:02:48 2020 +0000 +++ b/modules/postfix/templates/master.cf.epp Thu Feb 27 21:00:28 2020 +0000 @@ -30,18 +30,21 @@ <%- if $mailserver_proxy != undef { -%> [<%= $mailserver_proxy %>]:smtp inet n - n - 1 postscreen -o postscreen_upstream_proxy_protocol=haproxy + -o smtp_bind_address6=<%= $mailserver_ip %> -o receive_override_options=no_address_mappings -o smtpd_sasl_auth_enable=no [<%= $mailserver_proxy %>]:smtps inet n - n - - smtpd - -o postscreen_upstream_proxy_protocol=haproxy + -o smtpd_upstream_proxy_protocol=haproxy + -o smtp_bind_address6=<%= $mailserver_ip %> -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING [<%= $mailserver_proxy %>]:submission inet n - n - - smtpd - -o postscreen_upstream_proxy_protocol=haproxy + -o smtpd_upstream_proxy_protocol=haproxy + -o smtp_bind_address6=<%= $mailserver_ip %> -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
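
Review bot: The three added `-o smtp_bind_address6=<%= $mailserver_ip %>` lines sit under the postscreen and smtpd listener entries, but smtp_bind_address6 is a parameter of the smtp(8) delivery client, so an override on these inbound services does not change the source address of outgoing mail and will not help SPF. Suggest moving it to the outbound smtp service entry (or main.cf) and, if $mailserver_ip can hold an IPv4 address, setting smtp_bind_address as well, since the error quoted in the commit message mentions TCP4. The switch to `smtpd_upstream_proxy_protocol=haproxy` on the smtps and submission entries matches the daemon those entries run; because those listeners then take the client address from the PROXY header, it is worth confirming that [<%= $mailserver_proxy %>] is reachable only from the proxy host.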