block a bounce spammer

[ansible.git] / roles / email / templates / main.cf

diff --git a/roles/email/templates/main.cf b/roles/email/templates/main.cf
index 01c2185a57aec07d1dac12c152cd163cb2266abc..1190de5fc874aa3ef1be6d17a4888664752e65f5 100644 (file)
--- a/roles/email/templates/main.cf
+++ b/roles/email/templates/main.cf
@@ -13,7 +13,7 @@ local_recipient_maps = $alias_maps
 
 {% if 'letsencrypt' in group_names %}
 # TLS server parameters
-smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt+chain
+smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt
 smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtpd_tls_security_level = may
@@ -40,13 +40,16 @@ postscreen_dnsbl_threshold = 3
 postscreen_dnsbl_whitelist_threshold = -2
 postscreen_dnsbl_sites =
        ix.dnsbl.manitu.net*2 sbl-xbl.spamhaus.org*2
-       bl.spamcop.net dnsbl.sorbs.net bl.mailspike.net
+       bl.spamcop.net bl.mailspike.net
        swl.spamhaus.org*-2 list.dnswl.org=127.0.[0..255].[0..254]*-2
 postscreen_greet_action = enforce
 postscreen_dnsbl_action = enforce
 postscreen_pipelining_enable = yes
 postscreen_non_smtp_command_enable = yes
 postscreen_bare_newline_enable = yes
+postscreen_access_list = permit_mynetworks,
+       cidr:$config_directory/postscreen_access.cidr
+postscreen_blacklist_action = enforce
 {% endif %}
 
 # control relay access