mail: add postsrsd to stop breaking forwards for SPF domains
parent
43f1633a22
commit
5df4457b0e
@ -1,25 +1,28 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37623461646334336463353434343836326161626164393862386461646664383165646661626266
|
||||
3732623932366265396465376633613563386535663732630a393336623331306434326438383636
|
||||
61313032623264376131366162303831663066616236653439323737663938366462323039613162
|
||||
3535356231333131610a613466633666323762646630663461353135303934303231363938653338
|
||||
33653466333738373461396432303765313935396439366566303338313938616632363266343738
|
||||
33346538333531326636653236663062326435343164333839656663383466646364333637313565
|
||||
30393561383236353833316563336435363835363661616561353734623464333365393639633935
|
||||
31356339313133393634383938306536643932616131363834653461616635323330366534356530
|
||||
66373636373662616239376566396164323863383134613135623263326431353463616337363561
|
||||
39376431623330373036653534356339663665373766306433366164613430313032336636653331
|
||||
31353165353131616634303138363064333066393566663039393165363866363262386136646661
|
||||
64653332623436303666613063346534323037646462373663613436666362366266303463373931
|
||||
38306664643338623566626339666433636638383032353161383431623963336263363431363333
|
||||
35353166353630323534336162333432326639623961323364396666393431393435643937303434
|
||||
36343534626230396130303735343061343661666161663434383862613637636138346630386238
|
||||
34656666383363333139333539363535633637333764343866643061346434313265343466656238
|
||||
32626665343065376635633266333835386661343333616535376162623734623863323633623939
|
||||
31383830306163373565326531623838656266316663393863633738383961646466396631343933
|
||||
36316437316463326633326338366365663564646663306431303530313939336630653539363833
|
||||
37373232306338636634383062616231306261383939316132366533663334353038333539663330
|
||||
30303764383138616633313662393661316332646135666566633939623233373737303964363636
|
||||
36306230656362383763666562396666313933643339656665656266653861386435313231623331
|
||||
61373433313237303764643362363336623635316364653139383261616366376430643330656131
|
||||
66616661613866613064
|
||||
33346463653863326630313739393238353131306365373534303661383738313662323237363835
|
||||
6531663763306562396639663162376162316163646465620a646261663530393337373465323036
|
||||
61366539333364616533666331356334343436383731636564656462643962336631653732656233
|
||||
6339373936343963380a386532306663336234623563336661653830653362653661326166343765
|
||||
66313334373532636430353064373237353162326539393234636165313136396162633337306266
|
||||
32303835323763343131333364313863623531333338633133376233613561393761373763343964
|
||||
31396134623236393639373236393833663336376132623731663463386661303532643539356565
|
||||
64366366333533623763653162666164383766386635373866626638656362663330383164633533
|
||||
38646233356464316639353161623839623035343862393866393762336234613035363561363831
|
||||
35653666373836323464363636346264666537656363386431666530363031303935373331326232
|
||||
38613831383033623537656638303262396634373531373839306238613438376637616565633666
|
||||
65666430663639666230656135316430626534313939363338643064613338336363653939303166
|
||||
37333364363633316638353739643634623762633966666134646439376237323861313361393030
|
||||
62303666623935663530626632393830656437666530613030363131376264326334323137386161
|
||||
31636636313033326131313962396534336238303962656631653961396130303132306433363165
|
||||
65613232646365306262383263376165323462653636656535383039353133333765393036633530
|
||||
65376239633437643563636136333238306133313732373139633532663232336331326439396234
|
||||
36383362313739663631393266313363356434323461626137643039383661353532336237303966
|
||||
65393237613463626561643739363737313131393639383661303931343435383165663835633937
|
||||
63623066326536316134366461643737316263353235353961663364643634666661376564363531
|
||||
38323863613465613733653331623139663138616639626339373436666630306436386139663431
|
||||
38353036336435313238643664376633326665306433346265366636663635363031383939656539
|
||||
38393962356363646134346431663930346139326361613431613765363463353661313034616131
|
||||
64643831353639313030363763626133343736643433663732393730663466323535333939346233
|
||||
35396664336661613961393533346264623633643430633766346364366361356633336461366361
|
||||
63663735323630656238643962373036306466646330666334336664613834306362633562386334
|
||||
653164613435363436666361376364623461
|
||||
|
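--- a/roles/mail/defaults/main.yml
+++ b/roles/mail/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+mail_postsrsd_secret: "{{ vault_mail_postsrsd_secret }}"
+mail_srs_domain: "srs.{{ mail_domain }}"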
|
@ -8,6 +8,9 @@
|
||||
- name: Restart postfix
|
||||
service: name=postfix state=restarted
|
||||
|
||||
- name: Restart postsrsd
|
||||
service: name=postsrsd state=restarted
|
||||
|
||||
- name: Restart redis
|
||||
service: name=redis state=restarted
|
||||
|
||||
|
@ -22,6 +22,7 @@
|
||||
- redis-server
|
||||
- redis-tools
|
||||
- rspamd
|
||||
- postsrsd
|
||||
|
||||
- name: Create vmail group
|
||||
group: name=vmail gid=500 state=present
|
||||
@ -131,6 +132,13 @@
|
||||
- postfix/master.cf
|
||||
notify: Restart postfix
|
||||
|
||||
- name: Configure postsrsd
|
||||
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
||||
with_items:
|
||||
- default/postsrsd
|
||||
- postsrsd.secret
|
||||
notify: Restart postsrsd
|
||||
|
||||
- name: Configure postfix maps
|
||||
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
||||
with_items:
|
||||
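Review bot: The `Configure postsrsd` task writes `/etc/postsrsd.secret` without `owner`, `group` or `mode`, so the key's permissions are whatever already exists on the host or the default for a newly created file, which can leave the SRS signing key readable by local users. Anyone who can read that key can produce addresses that the reverse map accepts as validly signed. I would template the secret in its own task, `template: src=postsrsd.secret.j2 dest=/etc/postsrsd.secret owner=root group=root mode=0600` (confirm the daemon reads the key before it drops to `RUN_AS`), and add `no_log: true` so the value does not show up in `--diff` or verbose output. The `Configure postfix maps` task at the end of the hunk continues outside it.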
@ -167,6 +175,9 @@
|
||||
- name: Start postfix
|
||||
service: name=postfix state=started enabled=yes
|
||||
|
||||
- name: Start postsrsd
|
||||
service: name=postfix state=started enabled=yes
|
||||
|
||||
- name: Start redis
|
||||
service: name=rspamd state=started enabled=yes
|
||||
|
||||
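Review bot: The `Start postsrsd` task calls `service: name=postfix state=started enabled=yes`, so it starts and enables postfix a second time and never touches postsrsd; it should read `service: name=postsrsd state=started enabled=yes`. With `sender_canonical_maps` and `recipient_canonical_maps` pointing at the daemon's TCP ports, a postsrsd that is not enabled at boot would leave postfix with failing lookups and most likely deferred mail. The neighbouring `Start redis` task names `rspamd` in the same way, which looks like the same copy-paste slip, though it is probably not one of this commit's additions.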
|
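--- a/roles/mail/templates/default/postsrsd.j2
+++ b/roles/mail/templates/default/postsrsd.j2
@@ -0,0 +1,45 @@
+# Default settings for postsrsd
+
+# Local domain name.
+# Addresses are rewritten to originate from this domain. The default value
+# is taken from `postconf -h mydomain` and probably okay.
+#
+SRS_DOMAIN={{ mail_srs_domain }}
+
+# Exclude additional domains.
+# You may list domains which shall not be subjected to address rewriting.
+# If a domain name starts with a dot, it matches all subdomains, but not
+# the domain itself. Separate multiple domains by space or comma.
+#
+SRS_EXCLUDE_DOMAINS=.{{ mail_domain }} {{ mail_domain }}
+{%- for domain in mail_domains %}
+.{{ domain }} {{ domain }}
+{%- endfor %}
+
+# First separator character after SRS0 or SRS1.
+# Can be one of: -+=
+SRS_SEPARATOR==
+
+# Secret key to sign rewritten addresses.
+# When postsrsd is installed for the first time, a random secret is generated
+# and stored in /etc/postsrsd.secret. For most installations, that's just fine.
+#
+SRS_SECRET=/etc/postsrsd.secret
+
+# Local ports for TCP list.
+# These ports are used to bind the TCP list for postfix. If you change
+# these, you have to modify the postfix settings accordingly. The ports
+# are bound to the loopback interface, and should never be exposed on
+# the internet.
+#
+SRS_FORWARD_PORT=10001
+SRS_REVERSE_PORT=10002
+
+# Drop root privileges and run as another user after initialization.
+# This is highly recommended as postsrsd handles untrusted input.
+#
+RUN_AS=postsrsd
+
+# Jail daemon in chroot environment
+CHROOT=/var/lib/postsrsd
+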
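Review bot: `SRS_EXCLUDE_DOMAINS` is assembled across a `{%- for %}` / `{%- endfor %}` loop, and the leading `-` strips the newline in front of each tag, so the entries are kept apart only by whatever leading whitespace the `.{{ domain }} {{ domain }}` line carries (indentation is not visible in this rendering); without it the primary-domain entry and each loop entry fuse into one bogus name. The value is also unquoted and space-separated, which breaks if anything reads this file as shell. The file's own comment allows commas, so a single line such as `SRS_EXCLUDE_DOMAINS=.{{ mail_domain }},{{ mail_domain }}{% for domain in mail_domains %},.{{ domain }},{{ domain }}{% endfor %}` avoids both problems. A domain that silently drops out of the exclude list would have its own senders rewritten to the SRS domain, so it is worth checking the rendered file on a host with more than one entry in `mail_domains`.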
|
@ -26,7 +26,7 @@ postscreen_greet_action = enforce
|
||||
mydomain = {{ mail_domain }}
|
||||
myhostname = {{ ansible_fqdn }}
|
||||
myorigin = $myhostname
|
||||
mydestination = localhost.$mydomain, localhost
|
||||
mydestination = localhost.$mydomain, localhost, {{ mail_srs_domain }}
|
||||
mynetworks =
|
||||
127.0.0.0/8
|
||||
[::ffff:127.0.0.0]/104
|
||||
@ -119,3 +119,9 @@ relay_domains = {{ mailman_domain }}
|
||||
relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
|
||||
transport_maps = hash:/etc/postfix/transport
|
||||
mailman_destination_recipient_limit = 1
|
||||
|
||||
# postsrsd
|
||||
sender_canonical_maps = tcp:localhost:10001
|
||||
sender_canonical_classes = envelope_sender
|
||||
recipient_canonical_maps = tcp:localhost:10002
|
||||
recipient_canonical_classes = envelope_recipient
|
||||
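Review bot: The lookup endpoints `tcp:localhost:10001` and `tcp:localhost:10002` repeat the port numbers that `roles/mail/templates/default/postsrsd.j2` sets as `SRS_FORWARD_PORT` and `SRS_REVERSE_PORT`, and nothing ties the two files together. I would add a comment above the block, `# ports must match SRS_FORWARD_PORT / SRS_REVERSE_PORT in /etc/default/postsrsd`, or drive both templates from one pair of role variables. It is also worth confirming on the target host that `localhost` resolves, from postfix's point of view, to a loopback address the daemon is actually bound on, since a failed canonical lookup stalls delivery.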
|
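--- a/roles/mail/templates/postsrsd.secret.j2
+++ b/roles/mail/templates/postsrsd.secret.j2
@@ -0,0 +1 @@
+{{ mail_postsrsd_secret }}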
|