diff options
| -rw-r--r-- | ansible/roles/postfix/tasks/main.yml | 6 | ||||
| -rw-r--r-- | ansible/roles/postfix/templates/main.cf.j2 | 7 | 
2 files changed, 9 insertions, 4 deletions
| diff --git a/ansible/roles/postfix/tasks/main.yml b/ansible/roles/postfix/tasks/main.yml index de775ce..57293ad 100644 --- a/ansible/roles/postfix/tasks/main.yml +++ b/ansible/roles/postfix/tasks/main.yml @@ -198,12 +198,12 @@          -o smtpd_sasl_path=private/auth        cleanup-srs     unix n - - - 0 cleanup -        -o syslog_name=postfix/srs +        -o syslog_name=postfix/cleanup/optional-srs          -o sender_canonical_maps=pcre:/etc/postfix/sender-canonical-maps,tcp:127.0.0.1:10001          -o sender_canonical_classes=envelope_sender -      127.0.0.1:10027 inet n - - - - smtpd -        -o syslog_name=postfix/srs +      127.0.0.1:10027 inet n - y - - smtpd +        -o syslog_name=postfix/cleanup/optional-srs          -o smtpd_milters=          -o cleanup_service_name=cleanup-srs          -o smtpd_tls_security_level=none diff --git a/ansible/roles/postfix/templates/main.cf.j2 b/ansible/roles/postfix/templates/main.cf.j2 index 835b8f8..496dab4 100644 --- a/ansible/roles/postfix/templates/main.cf.j2 +++ b/ansible/roles/postfix/templates/main.cf.j2 @@ -48,7 +48,12 @@ myhostname = {{ postfix_mailserver_name }}  policyd-spf_time_limit = 3600 -# Handle SRS +# Set the default transport to our private separate smtpd instance +# which will conditionally apply SRS (Sender Rewrite Scheme). +# +# If the mail is destined for a local inbox, no SRS is needed as we +# are the final hop. If the mail is destined for a forwarding address +# we apply SRS so that SPF and other validations will pass.  default_transport = smtp:127.0.0.1:10027  recipient_canonical_maps = tcp:localhost:10002  recipient_canonical_classes = envelope_recipient,header_recipient | 
