diff --git a/defaults/main.yml b/defaults/main.yml index a776ba1..c1107f5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,5 +4,4 @@ #postfix_myorigin: "$mydomain" #postfix_mydestination: "" #postfix_mynetworks: "" -#postfix_relay_domains: "" #postfix_relayhost: "" diff --git a/files/usr/local/sbin/update_postgrey_whitelist.sh b/files/usr/local/sbin/update_postgrey_whitelist.sh index f2ad2d5..739500c 100755 --- a/files/usr/local/sbin/update_postgrey_whitelist.sh +++ b/files/usr/local/sbin/update_postgrey_whitelist.sh @@ -1,8 +1,7 @@ #!/bin/bash -curl -L https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_clients -o /dev/shm/postgrey_whitelist_clients +wget https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_clients #wget https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_recipients -sed -e 's|##DATE##|'"$(date +%d/%m/%Y)"'|' -e 's|##VERSION##|master|' -i /dev/shm/postgrey_whitelist_clients -cat /dev/shm/postgrey_whitelist_clients > /etc/postfix/postgrey_whitelist_clients -rm -f /dev/shm/postgrey_whitelist_clients +sed -e 's|##DATE##|'"$(date +%d/%m/%Y)"'|' -e 's|##VERSION##|master|' -i postgrey_whitelist_clients +cat postgrey_whitelist_clients > /etc/postfix/postgrey_whitelist_clients systemctl restart postgrey diff --git a/tasks/postgrey.yml b/tasks/postgrey.yml index 7dd7fd8..7f40060 100644 --- a/tasks/postgrey.yml +++ b/tasks/postgrey.yml @@ -6,17 +6,8 @@ group: root mode: 0755 -- name: Mise à jour des whitelist de postgrey via crontab - cron: - name: update_postgrey_whitelist - minute: "1" - hour: "0" - user: root - job: "/usr/local/sbin/update_postgrey_whitelist.sh" - cron_file: update_postgrey_whitelist - - name: Enable postgrey at boot time service: name: postgrey - enabled: true + enabled: yes state: started diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2 index 4e7ef1c..0d1e2fb 100644 --- a/templates/etc/postfix/main.cf.j2 +++ b/templates/etc/postfix/main.cf.j2 
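Review bot: The added `wget` line has no `-O`, so the download lands in whatever directory the script is started from, and when `postgrey_whitelist_clients` already exists there wget saves the new copy as `postgrey_whitelist_clients.1`; later runs would then run `sed` and `cat` on the stale first copy. Nothing checks that the fetch succeeded either: after a failed download, the `cat … > /etc/postfix/postgrey_whitelist_clients` redirect empties the live whitelist (or reinstalls old data) before postgrey is restarted. The list is also taken from the moving `master` branch and installed as root with no pinning or review step, which deserves at least a comment. I would download to a `mktemp` file, stop on any error, refuse an empty result, and only then overwrite the live file, as sketched below.

```shell
#!/bin/bash
set -euo pipefail
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
wget -q -O "$tmp" https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_clients
# refuse to install an empty download
[ -s "$tmp" ] || exit 1
sed -e 's|##DATE##|'"$(date +%d/%m/%Y)"'|' -e 's|##VERSION##|master|' -i "$tmp"
cat "$tmp" > /etc/postfix/postgrey_whitelist_clients
# … unchanged: systemctl restart postgrey …
```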
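Review bot: Deleting the `cron` task only stops Ansible from managing the entry, it does not remove it: hosts provisioned by the earlier version of the role presumably keep the `update_postgrey_whitelist` cron file and go on running the script as root every night, while newly provisioned hosts never refresh the whitelist. If the job is meant to go away, keep the task for a transition period with `state: absent` and the same `name` and `cron_file`; if it is not, the removal looks unintended. Separately, `enabled: yes` relies on YAML 1.1 truthy parsing; the previous `enabled: true` is the canonical boolean and should stay.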
@@ -123,10 +123,10 @@ mydomain = {{ postfix_mydomain }} # myorigin also specifies the default domain name that is appended # to recipient addresses that have no @domain part. # -{% if postfix_myorigin is defined %} -myorigin = {{ postfix_myorigin }} -{% else %} #myorigin = $myhostname +{% if postfix_myorigin is defined %} +myorigin = $mydomain +{% else %} #myorigin = $mydomain {% endif %} @@ -342,11 +342,7 @@ mynetworks = {% for postfix_network in postfix_mynetworks %}{{ postfix_network } # list this system as their primary or backup MX host. See the # permit_mx_backup restriction description in postconf(5). # -{% if postfix_relay_domains is defined %} -relay_domains = {% for postfix_relay_domain in postfix_relay_domains %}{{ postfix_relay_domain }}{% if not loop.last %}, {% endif %}{% endfor %} -{% else %} #relay_domains = $mydestination -{% endif %} # INTERNET OR INTRANET @@ -865,12 +861,7 @@ smtpd_helo_required = yes # Rejeter tout mail mal formate smtpd_helo_restrictions = permit_mynetworks, - permit_sasl_authenticated, # check_client_access hash:/usr/local/etc/postfix/access, -# check_helo_access hash:/etc/postfix/helo_access, - reject_invalid_helo_hostname, - reject_non_fqdn_helo_hostname, - reject_unknown_helo_hostname, reject_non_fqdn_hostname # restrictions d'acces @@ -879,10 +870,7 @@ smtpd_helo_restrictions = smtpd_sender_restrictions = # hash:/etc/postfix/access, permit_mynetworks, - permit_sasl_authenticated, reject_unknown_sender_domain, - reject_unknown_reverse_client_hostname, - reject_unknown_client_hostname, warn_if_reject reject_unverified_sender smtpd_recipient_restrictions = 
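Review bot: The added `myorigin = $mydomain` line ignores the value of `postfix_myorigin`: the variable now works only as an on/off switch, so a host that sets it to anything other than `$mydomain` gets a different origin domain on locally posted mail than its inventory states. Keep the templated form inside the condition, `myorigin = {{ postfix_myorigin }}`, and leave `$mydomain` as the documented default in `defaults/main.yml`. This note applies to the first hunk of this file (the `@@ -123,10 +123,10 @@` one); the template continues outside it.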
@@ -896,13 +884,7 @@ smtpd_recipient_restrictions = reject_unauth_pipelining, reject_invalid_hostname, # check_policy_service inet:127.0.0.1:10031, -# check_policy_service unix:private/policyd-spf, check_policy_service unix:postgrey/socket, -# check_client_access hash:/etc/postfix/rbl_override, -# reject_rhsbl_helo dbl.spamhaus.org, -# reject_rhsbl_reverse_client dbl.spamhaus.org, -# reject_rhsbl_sender dbl.spamhaus.org, -# permit_dnswl_client swl.spamhaus.org, # reject_rbl_client zen.spamhaus.org, # reject_rbl_client korea.services.net, # reject_rbl_client list.dsbl.org,