feat: implement comprehensive postfix gateway with eFa5 configuration (#414)
- add voxpupuli-postfix module to Puppetfile
- create profiles::postfix::gateway class with config based on efa5
- add master.cf entries for postscreen, smtpd, dnsblog, and tlsproxy services
- create postfix hash files: aliases, access controls, canonical maps
- configure TLS with system PKI certificates and strong cipher suites
- add transport and virtual alias mappings for mail routing

Reviewed-on: #414
This commit was merged in pull request #414.
@@ -0,0 +1,54 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
postmaster: root
|
||||
|
||||
# Many mailers use this address to represent the empty SMTP return path
|
||||
MAILER-DAEMON: postmaster
|
||||
|
||||
# Common aliases for system accounts.
|
||||
bin: root
|
||||
daemon: root
|
||||
games: root
|
||||
ingres: root
|
||||
nobody: root
|
||||
system: root
|
||||
toor: root
|
||||
foo: root
|
||||
falken: root
|
||||
|
||||
# Well-known aliases.
|
||||
admin: root
|
||||
manager: root
|
||||
dumper: root
|
||||
operator: root
|
||||
|
||||
# traps to catch security attacks
|
||||
decode: root
|
||||
moof: root
|
||||
moog: root
|
||||
|
||||
# Standard aliases also defined by RFC 2142
|
||||
abuse: postmaster
|
||||
|
||||
# reports of network infrastructure difficulties
|
||||
noc: root
|
||||
|
||||
# address to report secuirty problems
|
||||
security: root
|
||||
|
||||
# DNS administrator (DNS soa records should use this)
|
||||
hostmaster: root
|
||||
|
||||
# Usenet news service administrator
|
||||
news: usenet
|
||||
usenet: root
|
||||
|
||||
# http/web service administrator
|
||||
www: webmaster
|
||||
webmaster: root
|
||||
|
||||
# UUCP service administrator
|
||||
uucp: root
|
||||
|
||||
# FTP administrator (especially anon FTP)
|
||||
ftp: root
|
||||
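Review bot: No `root:` alias is defined anywhere in this file, so every chain here, including `postmaster`, `abuse` and `security`, ends in root's local mailbox on the gateway, where reports are unlikely to be read. Add a final `root:` entry pointing at a monitored address, ideally taken from a class parameter, so the RFC 2142 role mail reaches a person. The comment above `security: root` also has a typo ("secuirty").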
@@ -0,0 +1,11 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
# HELO/EHLO access controls
|
||||
# Format: pattern action
|
||||
# Actions: REJECT, OK, WARN, etc.
|
||||
|
||||
# Block common spam patterns
|
||||
.dynamic. REJECT
|
||||
.dialup. REJECT
|
||||
unknown REJECT
|
||||
localhost REJECT You are not localhost
|
||||
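Review bot: The keys `.dynamic.` and `.dialup.` will not match anything if this table is built as a hash map, which is what the commit message describes. Indexed access tables are looked up by the full HELO name and its parent domains, not by substring, so a name such as `host.dynamic.isp.example` never produces the key `.dynamic.`. Move these two patterns to a regexp or pcre table, or drop them; `unknown` and `localhost` are exact names and work as written.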
@@ -0,0 +1,4 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
127.0.0.1/32 permit
|
||||
10.10.12.200/32 permit
|
||||
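Review bot: `10.10.12.200/32 permit` hard-codes a single host address with no comment saying which host it is or why it is trusted. Since `permit` exempts that client from whatever check consults this table, name the host in a comment and take the address from a class parameter so the allowlist can be reviewed and changed per environment. If the gateway also accepts connections over IPv6, `::1/128` needs its own line next to `127.0.0.1/32`.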
@@ -0,0 +1,9 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
# Recipient access controls
|
||||
# Format: recipient_pattern action
|
||||
# Actions: REJECT, OK, WARN, DISCARD, etc.
|
||||
|
||||
# Protected recipients that require special handling
|
||||
# Example entries:
|
||||
# @main.unkin.net OK
|
||||
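Review bot: The only example in this file, `# @main.unkin.net OK`, shows a domain-wide `OK`, which ends evaluation of the restriction list that consults this table and so skips every check listed after it for all recipients in the domain. Replace it with an example of a narrow entry, such as a single address with `REJECT`, so that nobody uncomments a blanket accept.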
@@ -0,0 +1,8 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
# Recipient canonical address mapping
|
||||
# Format: original_address canonical_address
|
||||
# Used to rewrite recipient addresses
|
||||
|
||||
# Example mappings:
|
||||
# user@olddomain.com user@main.unkin.net
|
||||
@@ -0,0 +1,3 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
main.unkin.net OK
|
||||
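Review bot: `main.unkin.net` is hard-coded as the only entry, so accepting mail for a second domain or for a test environment means editing this static file. Generate the entries from a list parameter on the profile class instead.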
@@ -0,0 +1,3 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
@main.unkin.net OK
|
||||
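Review bot: `@main.unkin.net OK` is a wildcard that accepts every local part in the domain. If this table is what validates relay recipients, the gateway will accept mail for addresses that do not exist and bounce it afterwards, which produces backscatter. List the valid recipients here, or add a comment stating where recipient validation happens instead.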
@@ -0,0 +1,10 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
# Sender access controls
|
||||
# Format: sender_pattern action
|
||||
# Actions: REJECT, OK, WARN, DISCARD, etc.
|
||||
|
||||
# Block known spam domains
|
||||
# Example entries:
|
||||
# spammer@example.com REJECT
|
||||
# @badspammer.com REJECT
|
||||
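Review bot: The example `# @badspammer.com REJECT` uses an `@domain` key, which is a canonical and virtual map form and is not one of the address patterns an access table looks up (`user@domain`, `domain.tld`, `.domain.tld`, `user@`). Uncommented as written it would never match; write the example as `badspammer.com REJECT`. The same applies to the `# @main.unkin.net OK` example in the recipient access file.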
@@ -0,0 +1,8 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
|
||||
# Sender canonical address mapping
|
||||
# Format: original_address canonical_address
|
||||
# Used to rewrite sender addresses
|
||||
|
||||
# Example mappings:
|
||||
# user@internal.local user@main.unkin.net
|
||||