From fb215fdd82a0b9c2516f8b5b9e953dcf64192c2d Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Mon, 18 May 2020 19:10:32 +0200 Subject: [PATCH] mail: make mail_trusted an array --- group_vars/all/vars.yml | 5 ++++- roles/mail/templates/mailman/mm_cfg.py.j2 | 2 +- roles/mail/templates/postfix/main.cf.j2 | 14 +++++++------- roles/mail/templates/rspamd/local.d/arc.conf.j2 | 2 +- .../templates/rspamd/local.d/dkim_signing.conf.j2 | 2 +- roles/mail/templates/rspamd/local.d/options.inc.j2 | 2 +- 6 files changed, 15 insertions(+), 12 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 52cc417..093e8fd 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -46,7 +46,10 @@ mail_domains: - makerspace-regensburg.de mail_server: mail.binary-kitchen.de mailman_domain: lists.binary-kitchen.de -mail_trusted: 213.166.246.0/28 213.166.246.250/32 [2a02:958:0:f6::]/124 +mail_trusted: +- 213.166.246.0/28 +- 213.166.246.250/32 +- 2a02:958:0:f6::/124 mail_aliases: - "epvpn@binary-kitchen.de noby@binary-kitchen.de" - "info@binary-kitchen.de vorstand@binary-kitchen.de" diff --git a/roles/mail/templates/mailman/mm_cfg.py.j2 b/roles/mail/templates/mailman/mm_cfg.py.j2 index 3b855e3..2652a8c 100644 --- a/roles/mail/templates/mailman/mm_cfg.py.j2 +++ b/roles/mail/templates/mailman/mm_cfg.py.j2 @@ -73,7 +73,7 @@ add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST) #------------------------------------------------------------- # The default language for this server. -DEFAULT_SERVER_LANGUAGE = 'de' +DEFAULT_SERVER_LANGUAGE = 'en' #------------------------------------------------------------- # Iirc this was used in pre 2.1, leave it for now diff --git a/roles/mail/templates/postfix/main.cf.j2 b/roles/mail/templates/postfix/main.cf.j2 index b73a1bc..5932b27 100644 --- a/roles/mail/templates/postfix/main.cf.j2 +++ b/roles/mail/templates/postfix/main.cf.j2 @@ -27,12 +27,12 @@ mydomain = {{ mail_domain }} myhostname = {{ ansible_fqdn }} myorigin = $myhostname mydestination = localhost.$mydomain, localhost, {{ mail_srs_domain }} -mynetworks = - 127.0.0.0/8 - [::ffff:127.0.0.0]/104 - [::1]/128 -{% for cidr in mail_trusted.split(' ') %} - {{ cidr }} +mynetworks = + 127.0.0.0/8 + [::ffff:127.0.0.0]/104 + [::1]/128 +{% for cidr in mail_trusted %} + {{ cidr | ipwrap }} {% endfor %} # Alias configuration @@ -107,7 +107,7 @@ milter_protocol = 6 # mailbox / forward definitions virtual_mailbox_domains = {{ mail_domain }} {% for domain in mail_domains %} - {{ domain }} + {{ domain }} {% endfor %} virtual_alias_maps = hash:/etc/postfix/virtual-alias virtual_transport = lmtp:unix:private/dovecot-lmtpd diff --git a/roles/mail/templates/rspamd/local.d/arc.conf.j2 b/roles/mail/templates/rspamd/local.d/arc.conf.j2 index 8ae0f3d..439d4ff 100644 --- a/roles/mail/templates/rspamd/local.d/arc.conf.j2 +++ b/roles/mail/templates/rspamd/local.d/arc.conf.j2 @@ -1,5 +1,5 @@ allow_username_mismatch = true; -sign_networks = [127.0.0.1, ::1, {{ mail_trusted }}]; +sign_networks = [127.0.0.1, ::1, {{ mail_trusted | join(", ") }}]; check_pubkey = true; try_fallback = false; path = "/var/lib/rspamd/dkim/$domain.$selector.key"; diff --git a/roles/mail/templates/rspamd/local.d/dkim_signing.conf.j2 b/roles/mail/templates/rspamd/local.d/dkim_signing.conf.j2 index ae822f0..6d3e105 100644 --- a/roles/mail/templates/rspamd/local.d/dkim_signing.conf.j2 +++ b/roles/mail/templates/rspamd/local.d/dkim_signing.conf.j2 @@ -1,5 +1,5 @@ allow_username_mismatch = true; -sign_networks = [127.0.0.1, ::1, {{ mail_trusted }}]; +sign_networks = [127.0.0.1, ::1, {{ mail_trusted | join(", ") }}]; check_pubkey = true; try_fallback = false; path = "/var/lib/rspamd/dkim/$domain.$selector.key"; diff --git a/roles/mail/templates/rspamd/local.d/options.inc.j2 b/roles/mail/templates/rspamd/local.d/options.inc.j2 index 87a5d1f..93e5f90 100644 --- a/roles/mail/templates/rspamd/local.d/options.inc.j2 +++ b/roles/mail/templates/rspamd/local.d/options.inc.j2 @@ -1 +1 @@ -local_addrs = [127.0.0.1, ::1, {{ mail_trusted }}]; +local_addrs = [127.0.0.1, ::1, {{ mail_trusted | join(", ") }}];