11 years ago · 369b90925a
--- a/roles/mailserver/files/etc_postfix_master.cf
+++ b/roles/mailserver/files/etc_postfix_master.cf
 
															
															 # service type  private unpriv  chroot  wakeup  maxproc command + args
														
 
															
															 #               (yes)   (yes)   (yes)   (never) (100)
														
 
															
															 # ==========================================================================
														
 
															
															-smtp       inet  n       -       -       -       -       smtpd
														
 
															
															-#smtp      inet  n       -       -       -       1       postscreen
														
 
															
															-#smtpd     pass  -       -       -       -       -       smtpd
														
 
															
															-#dnsblog   unix  -       -       -       -       0       dnsblog
														
 
															
															-#tlsproxy  unix  -       -       -       -       0       tlsproxy
														
 
															
															+#smtp      inet  n       -       -       -       -       smtpd
														
 
															
															+smtp       inet  n       -       -       -       1       postscreen
														
 
															
															+smtpd      pass  -       -       -       -       -       smtpd
														
 
															
															+dnsblog    unix  -       -       -       -       0       dnsblog
														
 
															
															+tlsproxy   unix  -       -       -       -       0       tlsproxy
														
 
															
															 #submission inet  n       -       -       -       -       smtpd
														
 
															
															 #  -o syslog_name=postfix/submission
														
 
															
															 #  -o smtpd_tls_security_level=encrypt
														
--- a/roles/mailserver/templates/etc_postfix_main.cf.j2
+++ b/roles/mailserver/templates/etc_postfix_main.cf.j2
 
															
															   reject_non_fqdn_hostname,
														
 
															
															   reject_non_fqdn_recipient,
														
 
															
															   reject_unknown_recipient_domain,
														
 
															
															-  reject_rbl_client multihop.dsbl.org,
														
 
															
															-  reject_rbl_client zen.spamhaus.org,
														
 
															
															-  reject_rbl_client cbl.abuseat.org,
														
 
															
															-  reject_rbl_client bl.spamcop.net,
														
 
															
															-  reject_rbl_client dnsbl.sorbs.net,
														
 
															
															-  reject_rbl_client all.spamrats.com=127.0.0.36,
														
 
															
															-  reject_rbl_client all.spamrats.com=127.0.0.38,
														
 
															
															-  reject_rbl_client dnsbl.ahbl.org,
														
 
															
															   check_policy_service inet:127.0.0.1:10023,
														
 
															
															   permit
														
 
															
															 smtpd_client_restrictions =
														
 
															
															   permit_sasl_authenticated
														
 
															
															   check_client_access pcre:/etc/postfix/dspam_filter_access
														
 
															
															+
														
 
															
															+# Postscreen
														
 
															
															+postscreen_access_list = permit_mynetworks
														
 
															
															+postscreen_dnsbl_sites =
														
 
															
															+  multihop.dsbl.org*2
														
 
															
															+  sbl-xbl.spamhaus.org*2
														
 
															
															+  cbl.abuseat.org*2
														
 
															
															+  bl.spamcop.net*2
														
 
															
															+  dnsbl.sorbs.net*1
														
 
															
															+  spam.spamrats.com*2
														
 
															
															+  dnsbl.ahbl.org*2
														
 
															
															+postscreen_dnsbl_threshold = 3
														
 
															
															+postscreen_dnsbl_action = enforce
														
 
															
															+postscreen_greet_action = enforce