Diffstat (limited to 'ansible/roles/mail-server')
5 files changed, 31 insertions, 0 deletions
diff --git a/ansible/roles/mail-server/files/whitelist_clients.local b/ansible/roles/mail-server/files/whitelist_clients.local
new file mode 100644
index 0000000..de54ac6
--- /dev/null
+++ b/ansible/roles/mail-server/files/whitelist_clients.local
@@ -0,0 +1 @@
+example.com
diff --git a/ansible/roles/mail-server/files/whitelist_recipients.local b/ansible/roles/mail-server/files/whitelist_recipients.local
new file mode 100644
index 0000000..fc37f9d
--- /dev/null
+++ b/ansible/roles/mail-server/files/whitelist_recipients.local
@@ -0,0 +1 @@
+root@
diff --git a/ansible/roles/mail-server/handlers/main.yml b/ansible/roles/mail-server/handlers/main.yml
index c23f773..6cfdfaa 100644
--- a/ansible/roles/mail-server/handlers/main.yml
+++ b/ansible/roles/mail-server/handlers/main.yml
@@ -3,6 +3,11 @@
 name: postfix
 state: restarted
 
+- name: restart postgrey
+ systemd:
+ name: postgrey
+ state: restarted
+
 - name: restart dovecot
 systemd:
 name: dovecot
diff --git a/ansible/roles/mail-server/tasks/postfix.yml b/ansible/roles/mail-server/tasks/postfix.yml
index 79bfacb..79ed2bb 100644
--- a/ansible/roles/mail-server/tasks/postfix.yml
+++ b/ansible/roles/mail-server/tasks/postfix.yml
@@ -46,3 +46,21 @@
 ) | sponge /etc/postfix/master.cf
 fi
 notify: restart postfix
+
+- name: install whitelisted recipients for postgrey
+ copy:
+ src: whitelist_recipients.local
+ dest: /etc/postgrey/whitelist_recipients.local
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart postgrey
+
+- name: install whitelisted sender domains for postgrey
+ copy:
+ src: whitelist_clients.local
+ dest: /etc/postgrey/whitelist_clients.local
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart postgrey
diff --git a/ansible/roles/mail-server/templates/postfix.main.cf.j2 b/ansible/roles/mail-server/templates/postfix.main.cf.j2
index 67cefe0..6fcb852 100644
--- a/ansible/roles/mail-server/templates/postfix.main.cf.j2
+++ b/ansible/roles/mail-server/templates/postfix.main.cf.j2
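Review bot: The only entry in `files/whitelist_clients.local`, `example.com`, reads like a placeholder, yet once deployed it exempts every connecting host whose name falls under that domain from greylisting. postgrey matches entries in this file against the client's hostname or IP address rather than the envelope sender, so list the specific relay hosts that need the exemption and give each a `# reason` comment. If no exemption is needed yet, ship the file with a comment line only.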
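Review bot: Nothing visible in this change shows postgrey being told to read `/etc/postgrey/whitelist_recipients.local`, which is where `files/whitelist_recipients.local` gets installed. Upstream postgrey, as far as I recall, loads a `.local` companion by default only for the client whitelist, so the `root@` exemption may have no effect unless the service is started with `--whitelist-recipients=` for this path; please confirm against the packaged defaults. A header comment such as `# an entry ending in @ matches that local part on any domain` would also help the next editor.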
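Review bot: In `tasks/postfix.yml` the second added task is named `install whitelisted sender domains for postgrey`, but it installs `whitelist_clients.local`, which postgrey matches against the connecting client's hostname or IP and not against the sender domain; rename it to `install whitelisted client hosts for postgrey` so nobody adds sender domains expecting them to be honoured. Both tasks also pass `mode: 0644` unquoted; `mode: '0644'` is the form the Ansible documentation recommends and removes any octal/decimal ambiguity. The `copy` tasks assume `/etc/postgrey` already exists, and I cannot see from this hunk where the package is installed.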
@@ -37,3 +37,9 @@ smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination + +# Enable postgrey. +smtpd_recipient_restrictions = permit_sasl_authenticated, + permit_mynetworks, + reject_unauth_destination, + check_policy_service inet:127.0.0.1:10023
\ No newline at end of file |
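Review bot: With `check_policy_service inet:127.0.0.1:10023` in `smtpd_recipient_restrictions`, unauthenticated inbound mail is deferred whenever postgrey is not answering on that port, and the visible hunks add only a restart handler, with no task that installs, enables or starts the service (the diffstat is path-limited, so that may live elsewhere). The `# Enable postgrey.` comment should also record why the order matters, e.g. `# Keep check_policy_service last: authenticated and local clients bypass greylisting, and relay attempts are rejected before the policy lookup.` The new last line has no trailing newline; adding one keeps a later append to the template from joining this line.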