mail: use srs only for forwards and MDA, not for incoming mails

2019-07-24 09:36:54 +02:00 · 2019-07-24 09:36:54 +02:00 · 83afecfd72
parent 5faf9de93e
commit 83afecfd72
3 changed files with 9 additions and 1 deletions
--- a/roles/mail/templates/dovecot/local.conf.j2
+++ b/roles/mail/templates/dovecot/local.conf.j2
@ -12,6 +12,7 @@ mail_privileged_group = mail
 mail_location = maildir:~/.maildir

 postmaster_address = postmaster@binary-kitchen.de
+submission_host = 127.0.0.1:10025

 ssl = yes
 ssl_cert = </etc/dovecot/ssl/{{ mail_server }}.crt
--- a/roles/mail/templates/postfix/main.cf.j2
+++ b/roles/mail/templates/postfix/main.cf.j2
@ -121,7 +121,7 @@ transport_maps = hash:/etc/postfix/transport
 mailman_destination_recipient_limit = 1

 # postsrsd
-sender_canonical_maps = tcp:localhost:10001
+# sender_canonical_maps = tcp:localhost:10001 - > see master.cf
 sender_canonical_classes = envelope_sender
 recipient_canonical_maps = tcp:localhost:10002
 recipient_canonical_classes = envelope_recipient
--- a/roles/mail/templates/postfix/master.cf.j2
+++ b/roles/mail/templates/postfix/master.cf.j2
@ -12,6 +12,10 @@
 #smtp      inet  n       -       -       -       -       smtpd
 smtp      inet  n       -       -       -       1       postscreen
 smtpd     pass  -       -       -       -       -       smtpd
+127.0.0.1:10025 inet n  -       -       -       -       smtpd
+  -o syslog_name=postfix/forwarding
+  -o { milter_macro_daemon_name = FORWARDING }
+  -o cleanup_service_name=cleanup-srs
 dnsblog   unix  -       -       -       -       0       dnsblog
 tlsproxy  unix  -       -       -       -       0       tlsproxy
 submission inet n       -       -       -       -       smtpd
@ -22,6 +26,7 @@ submission inet n       -       -       -       -       smtpd
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o { milter_macro_daemon_name = ORIGINATING }
+  -o cleanup_service_name=cleanup-srs
 #  -o syslog_name=postfix/submission
 #  -o smtpd_tls_security_level=encrypt
 #  -o smtpd_sasl_auth_enable=yes
@ -45,6 +50,8 @@ submission inet n       -       -       -       -       smtpd
 #628       inet  n       -       -       -       -       qmqpd
 pickup    unix  n       -       -       60      1       pickup
 cleanup   unix  n       -       -       -       0       cleanup
+cleanup-srs unix n      -       -       -       0       cleanup
+  -o { sender_canonical_maps = tcp:localhost:10001 }
 qmgr      unix  n       -       n       300     1       qmgr
 #qmgr     unix  n       -       n       300     1       oqmgr
 tlsmgr    unix  -       -       -       1000?   1       tlsmgr