authorGravatar Joe Banks <[email protected]>2024-08-23 18:38:43 +0100
committerGravatar Joe Banks <[email protected]>2024-08-23 18:38:43 +0100
commit5e9a8dc767cceddba270fa361b8120c445b4e7be (patch)
tree1f40d94e6636175394d326c40247869f33cc17fc
parentAdd sender blocklist (diff)
Configure Postfix to reject mail on the sender blocklist
-rw-r--r--ansible/roles/postfix/handlers/main.yml4
-rw-r--r--ansible/roles/postfix/tasks/main.yml11
-rw-r--r--ansible/roles/postfix/templates/main.cf.j21
3 files changed, 16 insertions, 0 deletions
diff --git a/ansible/roles/postfix/handlers/main.yml b/ansible/roles/postfix/handlers/main.yml
index 01a6753..430d487 100644
--- a/ansible/roles/postfix/handlers/main.yml
+++ b/ansible/roles/postfix/handlers/main.yml
@@ -16,3 +16,7 @@
- name: Regenerate transport table
command: postmap /etc/postfix/transport
changed_when: true
+
+- name: Regenerate sender access table
+ command: postmap /etc/postfix/sender_access
+ changed_when: true
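Review bot: Nothing here guarantees that this postmap handler runs before Postfix is reloaded with the new main.cf, because Ansible runs notified handlers in the order they are defined in the handlers file and this one is appended at the end. If a reload handler is defined earlier in the file (not visible in this hunk), the first rollout could briefly have `check_sender_access hash:/etc/postfix/sender_access` active with no compiled `sender_access.db` present, and smtpd would likely answer with temporary errors until the map exists. Consider defining this handler above any reload handler, or at least adding a comment such as `# Must run before any Postfix reload: main.cf references the compiled map`.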
diff --git a/ansible/roles/postfix/tasks/main.yml b/ansible/roles/postfix/tasks/main.yml
index 1e0e7ba..9723276 100644
--- a/ansible/roles/postfix/tasks/main.yml
+++ b/ansible/roles/postfix/tasks/main.yml
@@ -111,6 +111,17 @@
- role::postfix
notify: Regenerate transport table
+- name: Copy Postfix sender access list
+ copy:
+ src: sender_access
+ dest: /etc/postfix/sender_access
+ mode: "0644"
+ owner: root
+ group: root
+ tags:
+ - role::postfix
+ notify: Regenerate sender access table
+
- name: Template Postfix submission header checks
template:
src: header-checks-submission.j2
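Review bot: The new copy task does not say what the file is or how it is matched, which matters for whoever edits the list later. A comment above the task would document it, for example `# access(5) table; matched against the envelope sender (MAIL FROM) only, via check_sender_access in main.cf`. Because the lookup is on the envelope sender, a message whose header From shows a listed address but whose MAIL FROM differs is not rejected by this list. It would also help to note that entries should use reject actions only, since an `OK` result ends evaluation of the restriction list the map sits in and would skip any checks added after it later.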
diff --git a/ansible/roles/postfix/templates/main.cf.j2 b/ansible/roles/postfix/templates/main.cf.j2
index 635b9a6..8770c6f 100644
--- a/ansible/roles/postfix/templates/main.cf.j2
+++ b/ansible/roles/postfix/templates/main.cf.j2
@@ -29,6 +29,7 @@ smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_auth_only=yes
+smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_relay_restrictions =
permit_mynetworks,