Rename variable to make it's purpose clearer
This commit is contained in:
parent
73de99bbda
commit
5ef68a7f78
3 changed files with 18 additions and 16 deletions
|
|
@ -47,6 +47,7 @@
|
|||
- sender_checks
|
||||
- transport_global_exceptions
|
||||
- transport_relay
|
||||
- virtual_domains
|
||||
notify: reload postfix
|
||||
|
||||
- name: "Postfix | Run postmap"
|
||||
|
|
@ -63,6 +64,7 @@
|
|||
- file: relay_checks
|
||||
- file: sender_checks
|
||||
- file: transport_relay
|
||||
- file: virtual_domains
|
||||
|
||||
- name: "Postfix | Create dhparam file"
|
||||
community.crypto.openssl_dhparam:
|
||||
|
|
|
|||
|
|
@ -128,7 +128,7 @@ smtp_sasl_security_options = noanonymous
|
|||
#### Postscreen
|
||||
postscreen_access_list =
|
||||
permit_mynetworks
|
||||
cidr:/etc/postfix/conf.d/postscreen_access.cidr
|
||||
cidr:{{ postfix_conf_dir }}/postscreen_access.cidr
|
||||
postscreen_blacklist_action = drop
|
||||
|
||||
# Pregreeting
|
||||
|
|
@ -157,7 +157,7 @@ smtpd_restriction_classes = permit_login_mismatch
|
|||
smtpd_client_restrictions =
|
||||
permit_mynetworks,
|
||||
permit_sasl_authenticated,
|
||||
check_client_access cdb:/etc/postfix/conf.d/client_checks,
|
||||
check_client_access cdb:{{ postfix_conf_dir }}/client_checks,
|
||||
reject_unknown_client_hostname,
|
||||
permit
|
||||
|
||||
|
|
@ -168,28 +168,28 @@ smtpd_helo_required = yes
|
|||
smtpd_helo_restrictions =
|
||||
permit_mynetworks,
|
||||
permit_sasl_authenticated,
|
||||
check_helo_access pcre:/etc/postfix/conf.d/helo_checks,
|
||||
check_helo_access pcre:{{ postfix_conf_dir }}/helo_checks,
|
||||
reject_non_fqdn_helo_hostname,
|
||||
reject_invalid_helo_hostname,
|
||||
permit
|
||||
|
||||
smtpd_sender_restrictions =
|
||||
permit_mynetworks,
|
||||
check_sender_access cdb:/etc/postfix/conf.d/sender_checks,
|
||||
check_sender_access cdb:{{ postfix_conf_dir }}/sender_checks,
|
||||
reject_non_fqdn_sender,
|
||||
reject_unknown_sender_domain,
|
||||
check_sender_mx_access cidr:/etc/postfix/conf.d/bogus_mx,
|
||||
check_sender_mx_access cidr:{{ postfix_conf_dir }}/bogus_mx,
|
||||
#Uncomment the next two lines to block mails from other servers with our domain as MAIL FROM
|
||||
#permit_sasl_authenticated,
|
||||
#check_sender_access hash:/etc/postfix/conf.d/sender_checks_domain,
|
||||
#check_sender_access hash:{{ postfix_conf_dir }}/sender_checks_domain,
|
||||
permit
|
||||
|
||||
{% if postfix_submission is defined and postfix_submission %}
|
||||
# Restrictions for submission port
|
||||
mua_sender_restrictions =
|
||||
check_sasl_access cdb:/etc/postfix/conf.d/permit_sasl_login_mismatch,
|
||||
check_sasl_access cdb:{{ postfix_conf_dir }}/permit_sasl_login_mismatch,
|
||||
permit_mynetworks,
|
||||
check_sender_access cdb:/etc/postfix/conf.d/sender_checks,
|
||||
check_sender_access cdb:{{ postfix_conf_dir }}/sender_checks,
|
||||
reject_non_fqdn_sender,
|
||||
reject_unknown_sender_domain,
|
||||
reject_sender_login_mismatch,
|
||||
|
|
@ -204,13 +204,13 @@ permit_login_mismatch =
|
|||
|
||||
{% if postfix_submission is defined and postfix_submission %}
|
||||
submission_bad_smtp_user_check =
|
||||
check_sasl_access cdb:/etc/postfix/conf.d/bad_smtp_auth_users
|
||||
check_sasl_access cdb:{{ postfix_conf_dir }}/bad_smtp_auth_users
|
||||
{% endif %}
|
||||
|
||||
smtpd_relay_restrictions =
|
||||
permit_mynetworks,
|
||||
permit_sasl_authenticated,
|
||||
check_client_access cdb:/etc/postfix/conf.d/relay_checks,
|
||||
check_client_access cdb:{{ postfix_conf_dir }}/relay_checks,
|
||||
reject_unauth_destination
|
||||
|
||||
smtpd_recipient_restrictions =
|
||||
|
|
@ -227,7 +227,7 @@ unverified_recipient_reject_code = 550
|
|||
|
||||
smtpd_data_restrictions =
|
||||
reject_multi_recipient_bounce,
|
||||
check_recipient_access pcre:/etc/postfix/conf.d/header_add,
|
||||
check_recipient_access pcre:{{ postfix_conf_dir }}/header_add,
|
||||
|
||||
### Connection limits
|
||||
smtpd_client_connection_rate_limit = 100
|
||||
|
|
@ -240,7 +240,7 @@ default_destination_rate_delay = 60s
|
|||
default_destination_recipient_limit = 1
|
||||
default_destination_concurrency_failed_cohort_limit = 10
|
||||
|
||||
header_checks = pcre:/etc/postfix/conf.d/header_checks
|
||||
header_checks = pcre:{{ postfix_conf_dir }}/header_checks
|
||||
|
||||
### Spam and DKIM
|
||||
{% if postfix_smtpd_milters is defined %}
|
||||
|
|
|
|||
|
|
@ -38,8 +38,8 @@ submission inet n - y - - smtpd
|
|||
{% endif %}
|
||||
-o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||
-o cleanup_service_name=subclean
|
||||
{% if postfix_submission_alternative_port is defined %}
|
||||
{{ postfix_submission_alternative_port }} inet n - y - - smtpd
|
||||
{% if postfix_submission_non_tls_port is defined %}
|
||||
{{ postfix_submission_non_tls_port }} inet n - y - - smtpd
|
||||
-o syslog_name=postfix/submission-local
|
||||
-o smtpd_tls_security_level=none
|
||||
-o smtpd_client_restrictions=permit_mynetworks,reject
|
||||
|
|
@ -82,9 +82,9 @@ postlog unix-dgram n - n - 1 postlogd
|
|||
|
||||
# Outbound: Remove sensible headers
|
||||
subclean unix n - y - 0 cleanup
|
||||
-o header_checks=regexp:/etc/postfix/conf.d/header_treatment
|
||||
-o header_checks=regexp:{{ postfix_conf_dir }}/header_treatment
|
||||
|
||||
# Inbound: Remove some headers
|
||||
smtpd-in unix n - y - 0 cleanup
|
||||
-o syslog_name=postfix/smtpd-in
|
||||
-o header_checks=pcre:/etc/postfix/conf.d/header_checks_inbound
|
||||
-o header_checks=pcre:{{ postfix_conf_dir }}/header_checks_inbound
|
||||
|
|
|
|||
Loading…
Reference in a new issue