Update for RedHat 9 family

defaults/main.yml

@@ -4,4 +4,5 @@
 #postfix_myorigin: "$mydomain"
 #postfix_mydestination: ""
 #postfix_mynetworks: ""
+#postfix_relay_domains: ""
 #postfix_relayhost: ""

files/usr/local/sbin/update_postgrey_whitelist.sh

@@ -1,7 +1,8 @@
 #!/bin/bash
 
-wget https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_clients
+curl -L https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_clients -o /dev/shm/postgrey_whitelist_clients
 #wget https://github.com/schweikert/postgrey/raw/master/postgrey_whitelist_recipients
-sed -e 's|##DATE##|'"$(date +%d/%m/%Y)"'|' -e 's|##VERSION##|master|' -i postgrey_whitelist_clients
-cat postgrey_whitelist_clients > /etc/postfix/postgrey_whitelist_clients
+sed -e 's|##DATE##|'"$(date +%d/%m/%Y)"'|' -e 's|##VERSION##|master|' -i /dev/shm/postgrey_whitelist_clients
+cat /dev/shm/postgrey_whitelist_clients > /etc/postfix/postgrey_whitelist_clients
+rm -f /dev/shm/postgrey_whitelist_clients
 systemctl restart postgrey

tasks/postgrey.yml

@@ -6,8 +6,17 @@
     group: root
     mode: 0755
 
+- name: Mise à jour des whitelist de postgrey via crontab
+  cron:
+    name: update_postgrey_whitelist
+    minute: "1"
+    hour: "0"
+    user: root
+    job: "/usr/local/sbin/update_postgrey_whitelist.sh"
+    cron_file: update_postgrey_whitelist
+
 - name: Enable postgrey at boot time
   service:
     name: postgrey
-    enabled: yes
+    enabled: true
     state: started

templates/etc/postfix/main.cf.j2

@@ -123,10 +123,10 @@ mydomain = {{ postfix_mydomain }}
 # myorigin also specifies the default domain name that is appended
 # to recipient addresses that have no @domain part.
 #
-#myorigin = $myhostname
 {% if postfix_myorigin is defined %}
-myorigin = $mydomain
+myorigin = {{ postfix_myorigin }}
 {% else %}
+#myorigin = $myhostname
 #myorigin = $mydomain
 {% endif %}
 
@@ -342,7 +342,11 @@ mynetworks = {% for postfix_network in postfix_mynetworks %}{{ postfix_network }
 # list this system as their primary or backup MX host. See the
 # permit_mx_backup restriction description in postconf(5).
 #
+{% if postfix_relay_domains is defined %}
+relay_domains = {% for postfix_relay_domain in postfix_relay_domains %}{{ postfix_relay_domain }}{% if not loop.last %}, {% endif %}{% endfor %}
+{% else %}
 #relay_domains = $mydestination
+{% endif %}
 
 # INTERNET OR INTRANET
 
@@ -861,7 +865,12 @@ smtpd_helo_required = yes
 # Rejeter tout mail mal formate
 smtpd_helo_restrictions =
     permit_mynetworks,
+    permit_sasl_authenticated,
 #    check_client_access hash:/usr/local/etc/postfix/access,
+#    check_helo_access hash:/etc/postfix/helo_access,
+    reject_invalid_helo_hostname,
+    reject_non_fqdn_helo_hostname,
+    reject_unknown_helo_hostname,
     reject_non_fqdn_hostname
 
 # restrictions d'acces
@@ -870,7 +879,10 @@ smtpd_helo_restrictions =
 smtpd_sender_restrictions =
 #    hash:/etc/postfix/access,
     permit_mynetworks,
+    permit_sasl_authenticated,
     reject_unknown_sender_domain,
+    reject_unknown_reverse_client_hostname,
+    reject_unknown_client_hostname,
     warn_if_reject reject_unverified_sender
 
 smtpd_recipient_restrictions =
@@ -884,7 +896,13 @@ smtpd_recipient_restrictions =
     reject_unauth_pipelining,
     reject_invalid_hostname,
 #    check_policy_service inet:127.0.0.1:10031,
+#    check_policy_service unix:private/policyd-spf,
     check_policy_service unix:postgrey/socket,
+#    check_client_access hash:/etc/postfix/rbl_override,
+#    reject_rhsbl_helo dbl.spamhaus.org,
+#    reject_rhsbl_reverse_client dbl.spamhaus.org,
+#    reject_rhsbl_sender dbl.spamhaus.org,
+#    permit_dnswl_client swl.spamhaus.org,
 #    reject_rbl_client zen.spamhaus.org,
 #    reject_rbl_client korea.services.net,
 #    reject_rbl_client list.dsbl.org,