author | Lars Wirzenius <liw@liw.fi> | 2017-03-19 17:07:40 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-03-19 17:07:40 +0200 |
commit | 72cee2ef907981df4356253ab76e94327a311615 (patch) | |
tree | 9251c7b6292b2feb0f6c96d720ea9993705dd8b6 /ansible/roles/mail-server | |
parent | 176787d3d1e5b72f485a3f456835aa49e81b4e49 (diff) | |
download | ansibleness-72cee2ef907981df4356253ab76e94327a311615.tar.gz |
Add greylisting with postgrey
The whitelisted example.com domain is needed for server-yarns.
Diffstat (limited to 'ansible/roles/mail-server')
5 files changed, 31 insertions, 0 deletions
diff --git a/ansible/roles/mail-server/files/whitelist_clients.local b/ansible/roles/mail-server/files/whitelist_clients.local
new file mode 100644
index 0000000..de54ac6
--- /dev/null
+++ b/ansible/roles/mail-server/files/whitelist_clients.local
@@ -0,0 +1 @@
+example.com
diff --git a/ansible/roles/mail-server/files/whitelist_recipients.local b/ansible/roles/mail-server/files/whitelist_recipients.local
new file mode 100644
index 0000000..fc37f9d
--- /dev/null
+++ b/ansible/roles/mail-server/files/whitelist_recipients.local
@@ -0,0 +1 @@
+root@
diff --git a/ansible/roles/mail-server/handlers/main.yml b/ansible/roles/mail-server/handlers/main.yml
index c23f773..6cfdfaa 100644
--- a/ansible/roles/mail-server/handlers/main.yml
+++ b/ansible/roles/mail-server/handlers/main.yml
@@ -3,6 +3,11 @@
 name: postfix
 state: restarted
 
+- name: restart postgrey
+ systemd:
+ name: postgrey
+ state: restarted
+
 - name: restart dovecot
 systemd:
 name: dovecot
diff --git a/ansible/roles/mail-server/tasks/postfix.yml b/ansible/roles/mail-server/tasks/postfix.yml
index 79bfacb..79ed2bb 100644
--- a/ansible/roles/mail-server/tasks/postfix.yml
+++ b/ansible/roles/mail-server/tasks/postfix.yml
@@ -46,3 +46,21 @@
 ) | sponge /etc/postfix/master.cf
 fi
 notify: restart postfix
+
+- name: install whitelisted recipients for postgrey
+ copy:
+ src: whitelist_recipients.local
+ dest: /etc/postgrey/whitelist_recipients.local
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart postgrey
+
+- name: install whitelisted sender domains for postgrey
+ copy:
+ src: whitelist_clients.local
+ dest: /etc/postgrey/whitelist_clients.local
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart postgrey
diff --git a/ansible/roles/mail-server/templates/postfix.main.cf.j2 b/ansible/roles/mail-server/templates/postfix.main.cf.j2
index 67cefe0..6fcb852 100644
--- a/ansible/roles/mail-server/templates/postfix.main.cf.j2
+++ b/ansible/roles/mail-server/templates/postfix.main.cf.j2
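Review bot: The second task added in the tasks/postfix.yml hunk is named `install whitelisted sender domains for postgrey`, but it installs whitelist_clients.local, which postgrey matches against the connecting client's hostname or IP address rather than the envelope sender domain; a name such as `install whitelisted client hostnames for postgrey` would say what the entry actually exempts from greylisting. According to the commit message the `example.com` entry exists only for the server-yarns tests, yet the role deploys it wherever it runs, so a `# test-only: needed by server-yarns` comment line in the file would keep it from being read as a production exemption. Both copy tasks also write `mode: 0644` as a bare number; quoting it as `mode: "0644"` avoids depending on how the YAML parser treats the leading zero.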
@@ -37,3 +37,9 @@ smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination + +# Enable postgrey. +smtpd_recipient_restrictions = permit_sasl_authenticated, + permit_mynetworks, + reject_unauth_destination, + check_policy_service inet:127.0.0.1:10023
\ No newline at end of file |
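Review bot: The added `check_policy_service inet:127.0.0.1:10023` makes every inbound delivery depend on postgrey answering on that port, and the `# Enable postgrey.` comment says nothing about that or about why the restrictions are in this order. When the policy service cannot be reached Postfix defers the recipient with a temporary error rather than accepting the mail, so a stopped postgrey stalls incoming mail and the service is worth monitoring alongside postfix. I would expand the comment to something like `# Greylist via postgrey on 127.0.0.1:10023; SASL users and mynetworks are permitted first so they are never greylisted, and reject_unauth_destination runs before the policy check so postgrey only sees mail for our own domains.` The new last line also leaves the template without a trailing newline.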