puppet-prod/hieradata/roles/infra/mail/gateway.yaml

---
# additional altnames
profiles::pki::vault::alt_names:
  - in-mta.main.unkin.net

# gateway-specific postfix configuration
postfix::mydestination: 'blank'
postfix::mynetworks: '127.0.0.0/8 [::1]/128'
postfix::smtp_listen: '0.0.0.0'
postfix::mta: true
profiles::postfix::gateway::myhostname: 'in-mta.main.unkin.net'

profiles::postfix::gateway::relay_recipients_maps:
  '@main.unkin.net': 'OK'

profiles::postfix::gateway::relay_domains_maps:
  'main.unkin.net': 'OK'

profiles::postfix::gateway::postscreen_access_maps:
  '127.0.0.1/32': 'permit'
  '10.10.12.200/32': 'permit'

profiles::postfix::gateway::helo_access_maps:
  '.dynamic.': 'REJECT'
  '.dialup.': 'REJECT'
  'unknown': 'REJECT'
  'localhost': 'REJECT You are not localhost'

# postfix transports
postfix::transports:
  'main.unkin.net':
    ensure: present
    destination: 'relay'
    nexthop: 'ausyd1nxvm2120.main.unkin.net:25'