authorLars Wirzenius <liw@liw.fi>2017-03-19 17:07:40 +0200
committerLars Wirzenius <liw@liw.fi>2017-03-19 17:07:40 +0200
commit72cee2ef907981df4356253ab76e94327a311615 (patch)
tree9251c7b6292b2feb0f6c96d720ea9993705dd8b6 /ansible/roles/mail-server
parent176787d3d1e5b72f485a3f456835aa49e81b4e49 (diff)
Add greylisting with postgrey
The whitelisted example.com domain is needed for server-yarns.
Diffstat (limited to 'ansible/roles/mail-server')
-rw-r--r--ansible/roles/mail-server/files/whitelist_clients.local1
-rw-r--r--ansible/roles/mail-server/files/whitelist_recipients.local1
-rw-r--r--ansible/roles/mail-server/handlers/main.yml5
-rw-r--r--ansible/roles/mail-server/tasks/postfix.yml18
-rw-r--r--ansible/roles/mail-server/templates/postfix.main.cf.j26
5 files changed, 31 insertions, 0 deletions
diff --git a/ansible/roles/mail-server/files/whitelist_clients.local b/ansible/roles/mail-server/files/whitelist_clients.local
new file mode 100644
index 0000000..de54ac6
--- /dev/null
+++ b/ansible/roles/mail-server/files/whitelist_clients.local
@@ -0,0 +1 @@
+example.com
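Review bot: The single entry `example.com` carries no explanation in the file, and per the commit message it exists only for the server-yarns tests, yet the role installs this file on every host it configures. postgrey whitelist files accept `#` comments, so a line such as `# example.com: test fixture for server-yarns, not a real mail peer` above the entry would keep a later maintainer from reading it as a trusted peer. If the role can tell test hosts from production ones, installing the entry only on test hosts would be cleaner; whether it can is not visible from this hunk.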
diff --git a/ansible/roles/mail-server/files/whitelist_recipients.local b/ansible/roles/mail-server/files/whitelist_recipients.local
new file mode 100644
index 0000000..fc37f9d
--- /dev/null
+++ b/ansible/roles/mail-server/files/whitelist_recipients.local
@@ -0,0 +1 @@
+root@
diff --git a/ansible/roles/mail-server/handlers/main.yml b/ansible/roles/mail-server/handlers/main.yml
index c23f773..6cfdfaa 100644
--- a/ansible/roles/mail-server/handlers/main.yml
+++ b/ansible/roles/mail-server/handlers/main.yml
@@ -3,6 +3,11 @@
name: postfix
state: restarted
+- name: restart postgrey
+ systemd:
+ name: postgrey
+ state: restarted
+
- name: restart dovecot
systemd:
name: dovecot
diff --git a/ansible/roles/mail-server/tasks/postfix.yml b/ansible/roles/mail-server/tasks/postfix.yml
index 79bfacb..79ed2bb 100644
--- a/ansible/roles/mail-server/tasks/postfix.yml
+++ b/ansible/roles/mail-server/tasks/postfix.yml
@@ -46,3 +46,21 @@
) | sponge /etc/postfix/master.cf
fi
notify: restart postfix
+
+- name: install whitelisted recipients for postgrey
+ copy:
+ src: whitelist_recipients.local
+ dest: /etc/postgrey/whitelist_recipients.local
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart postgrey
+
+- name: install whitelisted sender domains for postgrey
+ copy:
+ src: whitelist_clients.local
+ dest: /etc/postgrey/whitelist_clients.local
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart postgrey
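Review bot: Both copy tasks write into `/etc/postgrey/` and notify `restart postgrey`, but nothing in this hunk installs the postgrey package or makes sure the service is enabled, so on a fresh host they depend on that having happened elsewhere in the role. If it has not, the copy fails on the missing directory, and the new `check_policy_service` line in main.cf would point at a port nobody listens on. The second task is named `install whitelisted sender domains for postgrey`, while `whitelist_clients` is matched against the connecting client's hostname or IP address rather than the envelope sender; `install whitelisted client hosts for postgrey` would describe it better. Quoting the modes as `mode: "0644"` also avoids relying on how YAML reads a leading-zero integer.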
diff --git a/ansible/roles/mail-server/templates/postfix.main.cf.j2 b/ansible/roles/mail-server/templates/postfix.main.cf.j2
index 67cefe0..6fcb852 100644
--- a/ansible/roles/mail-server/templates/postfix.main.cf.j2
+++ b/ansible/roles/mail-server/templates/postfix.main.cf.j2
@@ -37,3 +37,9 @@ smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
+
+# Enable postgrey.
+smtpd_recipient_restrictions = permit_sasl_authenticated,
+ permit_mynetworks,
+ reject_unauth_destination,
+ check_policy_service inet:127.0.0.1:10023
\ No newline at end of file
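Review bot: The comment `# Enable postgrey.` does not say that the order of this list is what keeps greylisting safe: `check_policy_service` has to stay last so that authenticated and local clients are accepted, and relay attempts rejected, before postgrey is ever asked. I would expand it to something like `# Greylisting via postgrey; keep check_policy_service last so SASL users and mynetworks are never delayed.` The address `inet:127.0.0.1:10023` is also hard-coded here, and none of the hunks shown set postgrey's listen address, so the two rely on the package default matching. If postgrey is not reachable there, Postfix will answer inbound mail with temporary errors until it is.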