diff options
| author | 2024-09-03 19:40:09 +0100 | |
|---|---|---|
| committer | 2024-09-03 19:47:04 +0100 | |
| commit | eb79092c587e32bac21313e89cd7e31fbd19dde0 (patch) | |
| tree | f23482ee9530427e91f15a57585fe8d96022bc19 /ansible | |
| parent | Update postfix main.cf to pass through new conditional SRS rewriter (diff) | |
Appease the documentation dictator
Diffstat (limited to 'ansible')
| -rw-r--r-- | ansible/roles/postfix/tasks/main.yml | 6 | ||||
| -rw-r--r-- | ansible/roles/postfix/templates/main.cf.j2 | 7 | 
2 files changed, 9 insertions, 4 deletions
| diff --git a/ansible/roles/postfix/tasks/main.yml b/ansible/roles/postfix/tasks/main.yml index de775ce..57293ad 100644 --- a/ansible/roles/postfix/tasks/main.yml +++ b/ansible/roles/postfix/tasks/main.yml @@ -198,12 +198,12 @@          -o smtpd_sasl_path=private/auth        cleanup-srs     unix n - - - 0 cleanup -        -o syslog_name=postfix/srs +        -o syslog_name=postfix/cleanup/optional-srs          -o sender_canonical_maps=pcre:/etc/postfix/sender-canonical-maps,tcp:127.0.0.1:10001          -o sender_canonical_classes=envelope_sender -      127.0.0.1:10027 inet n - - - - smtpd -        -o syslog_name=postfix/srs +      127.0.0.1:10027 inet n - y - - smtpd +        -o syslog_name=postfix/cleanup/optional-srs          -o smtpd_milters=          -o cleanup_service_name=cleanup-srs          -o smtpd_tls_security_level=none diff --git a/ansible/roles/postfix/templates/main.cf.j2 b/ansible/roles/postfix/templates/main.cf.j2 index 835b8f8..496dab4 100644 --- a/ansible/roles/postfix/templates/main.cf.j2 +++ b/ansible/roles/postfix/templates/main.cf.j2 @@ -48,7 +48,12 @@ myhostname = {{ postfix_mailserver_name }}  policyd-spf_time_limit = 3600 -# Handle SRS +# Set the default transport to our private separate smtpd instance +# which will conditionally apply SRS (Sender Rewrite Scheme). +# +# If the mail is destined for a local inbox, no SRS is needed as we +# are the final hop. If the mail is destined for a forwarding address +# we apply SRS so that SPF and other validations will pass.  default_transport = smtp:127.0.0.1:10027  recipient_canonical_maps = tcp:localhost:10002  recipient_canonical_classes = envelope_recipient,header_recipient | 
