defaults/main.yml

@@ -4,5 +4,4 @@
 #postfix_myorigin: "$mydomain"
 #postfix_mydestination: ""
 #postfix_mynetworks: ""
-#postfix_relay_domains: ""
 #postfix_relayhost: ""

files/usr/local/sbin/update_postgrey_whitelist.sh

@@ -1,8 +1,7 @@
 #!/bin/bash
 
-curl -L https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_clients -o /dev/shm/postgrey_whitelist_clients
+wget https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_clients
 #wget https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_recipients
-sed -e 's|##DATE##|'"$(date +%d/%m/%Y)"'|' -e 's|##VERSION##|master|' -i /dev/shm/postgrey_whitelist_clients
+sed -e 's|##DATE##|'"$(date +%d/%m/%Y)"'|' -e 's|##VERSION##|master|' -i postgrey_whitelist_clients
-cat /dev/shm/postgrey_whitelist_clients > /etc/postfix/postgrey_whitelist_clients
+cat postgrey_whitelist_clients > /etc/postfix/postgrey_whitelist_clients
-rm -f /dev/shm/postgrey_whitelist_clients
 systemctl restart postgrey

tasks/postgrey.yml

@@ -6,17 +6,8 @@
     group: root
     mode: 0755
 
-- name: Mise à jour des whitelist de postgrey via crontab
-  cron:
-    name: update_postgrey_whitelist
-    minute: "1"
-    hour: "0"
-    user: root
-    job: "/usr/local/sbin/update_postgrey_whitelist.sh"
-    cron_file: update_postgrey_whitelist
-
 - name: Enable postgrey at boot time
   service:
     name: postgrey
-    enabled: true
+    enabled: yes
     state: started

templates/etc/postfix/main.cf.j2

@@ -123,10 +123,10 @@ mydomain = {{ postfix_mydomain }}
 # myorigin also specifies the default domain name that is appended
 # to recipient addresses that have no @domain part.
 #
-{% if postfix_myorigin is defined %}
-myorigin = {{ postfix_myorigin }}
-{% else %}
 #myorigin = $myhostname
+{% if postfix_myorigin is defined %}
+myorigin = $mydomain
+{% else %}
 #myorigin = $mydomain
 {% endif %}
 
@@ -342,11 +342,7 @@ mynetworks = {% for postfix_network in postfix_mynetworks %}{{ postfix_network }
 # list this system as their primary or backup MX host. See the
 # permit_mx_backup restriction description in postconf(5).
 #
-{% if postfix_relay_domains is defined %}
-relay_domains = {% for postfix_relay_domain in postfix_relay_domains %}{{ postfix_relay_domain }}{% if not loop.last %}, {% endif %}{% endfor %}
-{% else %}
 #relay_domains = $mydestination
-{% endif %}
 
 # INTERNET OR INTRANET
 
@@ -865,12 +861,7 @@ smtpd_helo_required = yes
 # Rejeter tout mail mal formate
 smtpd_helo_restrictions =
     permit_mynetworks,
-    permit_sasl_authenticated,
 #    check_client_access hash:/usr/local/etc/postfix/access,
-#    check_helo_access hash:/etc/postfix/helo_access,
-    reject_invalid_helo_hostname,
-    reject_non_fqdn_helo_hostname,
-    reject_unknown_helo_hostname,
     reject_non_fqdn_hostname
 
 # restrictions d'acces
@@ -879,10 +870,7 @@ smtpd_helo_restrictions =
 smtpd_sender_restrictions =
 #    hash:/etc/postfix/access,
     permit_mynetworks,
-    permit_sasl_authenticated,
     reject_unknown_sender_domain,
-    reject_unknown_reverse_client_hostname,
-    reject_unknown_client_hostname,
     warn_if_reject reject_unverified_sender
 
 smtpd_recipient_restrictions =
@@ -896,13 +884,7 @@ smtpd_recipient_restrictions =
     reject_unauth_pipelining,
     reject_invalid_hostname,
 #    check_policy_service inet:127.0.0.1:10031,
-#    check_policy_service unix:private/policyd-spf,
     check_policy_service unix:postgrey/socket,
-#    check_client_access hash:/etc/postfix/rbl_override,
-#    reject_rhsbl_helo dbl.spamhaus.org,
-#    reject_rhsbl_reverse_client dbl.spamhaus.org,
-#    reject_rhsbl_sender dbl.spamhaus.org,
-#    permit_dnswl_client swl.spamhaus.org,
 #    reject_rbl_client zen.spamhaus.org,
 #    reject_rbl_client korea.services.net,
 #    reject_rbl_client list.dsbl.org,