changeset 89:a2d6032c6811 puppet-3.6
Whitelist Google's IPs so that they don't get greylisted
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 10 Jan 2016 20:24:22 +0000 |
parents | e8c0c74767f1 |
children | 5d6111879862 |
files | modules/postfix/files/postscreen_access.cidr modules/postfix/manifests/init.pp modules/postfix/templates/main.cf.erb |
diffstat | 3 files changed, 20 insertions(+), 0 deletions(-) |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/postfix/files/postscreen_access.cidr Sun Jan 10 20:24:22 2016 +0000 @@ -0,0 +1,13 @@ +# Google IPs taken from "dig TXT _netblocks.google.com" +64.18.0.0/20 permit +64.233.160.0/19 permit +66.102.0.0/20 permit +66.249.80.0/20 permit +72.14.192.0/18 permit +74.125.0.0/16 permit +108.177.8.0/21 permit +173.194.0.0/16 permit +207.126.144.0/20 permit +209.85.128.0/17 permit +216.58.192.0/19 permit +216.239.32.0/19 permit \ No newline at end of file
--- a/modules/postfix/manifests/init.pp Tue Jan 05 21:00:52 2016 +0000 +++ b/modules/postfix/manifests/init.pp Sun Jan 10 20:24:22 2016 +0000 @@ -71,6 +71,10 @@ file { '/etc/postfix/helo_whitelist': source => 'puppet:///private/postfix/helo_whitelist', } + #Whitelisted IPs for greylisting process + file { '/etc/postfix/postscreen_access.cidr': + source => 'puppet:///modules/postfix/postscreen_access.cidr', + } #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with) file { '/etc/postfix/sender_access': source => 'puppet:///private/postfix/sender_access',
--- a/modules/postfix/templates/main.cf.erb Tue Jan 05 21:00:52 2016 +0000 +++ b/modules/postfix/templates/main.cf.erb Sun Jan 10 20:24:22 2016 +0000 @@ -80,4 +80,7 @@ postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce +postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr +postscreen_blacklist_action = enforce + content_filter = smtp-amavis:[127.0.0.1]:10024 \ No newline at end of file
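Review bot: In modules/postfix/files/postscreen_access.cidr the ranges are a one-off copy of the "dig TXT _netblocks.google.com" output with no retrieval date, so nothing shows when the list has drifted from what Google publishes. Please put the date in the header comment and consider regenerating the file from the TXT record on a schedule. Every entry is "permit" on a block as wide as /16 or /17, so any client in those ranges is exempted, not only Google's outbound mail hosts; a short comment saying that this is accepted would help the next reader. All twelve entries are IPv4, so a Google client connecting over IPv6 would not match. The file also ends without a trailing newline ("\ No newline at end of file"); add one so the last entry is a complete line.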
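Review bot: In modules/postfix/manifests/init.pp the new file resource for /etc/postfix/postscreen_access.cidr sets only "source". Unless a resource default elsewhere in the class covers it, owner, group and mode are left implicit and nothing notifies the Postfix service when the list changes, so an updated list may not take effect until the next reload. Declaring those attributes and a notify on the service would make the behaviour explicit. The comment "#Whitelisted IPs for greylisting process" is also slightly off: the file is wired to postscreen_access_list in main.cf.erb, so naming postscreen in the comment would make it easier to find.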
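Review bot: In modules/postfix/templates/main.cf.erb, "postscreen_blacklist_action = enforce" is not mentioned in the commit message, and the postscreen_access.cidr added in this changeset contains only permit entries, so there are no reject entries for it to act on. Either drop the line from this change or note in the commit message why it is being set now. The path /etc/postfix/postscreen_access.cidr is also repeated here and in init.pp; a single variable passed to the template would keep the two from diverging. The template still ends without a trailing newline after the content_filter line.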