fix postscreen and DKIM permissions

diff --git a/roles/postfix/templates/master.cf b/roles/postfix/templates/master.cf
index 0e9b5363c70d7e9d682a3496e3cb8e7b2380581f..e6eeb149766489f2c7b4e4604c54d81bb3ef78b7 100644 (file)
--- a/roles/postfix/templates/master.cf
+++ b/roles/postfix/templates/master.cf
@@ -11,6 +11,7 @@
 # ==========================================================================
 {% if postfix.postscreen is defined and postfix.postscreen %}
 smtp       inet  n       -       y       -       1       postscreen
 # ==========================================================================
 {% if postfix.postscreen is defined and postfix.postscreen %}
 smtp       inet  n       -       y       -       1       postscreen

+smtpd      pass  -       -       y       -       -       smtpd

 dnsblog    unix  -       -       y       -       0       dnsblog
 tlsproxy   unix  -       -       y       -       0       tlsproxy
 {% else %}
 dnsblog    unix  -       -       y       -       0       dnsblog
 tlsproxy   unix  -       -       y       -       0       tlsproxy
 {% else %}

diff --git a/roles/postfix/templates/opendkim.conf b/roles/postfix/templates/opendkim.conf
index 06203ea3413ae731cf04270756f2c3266656d3df..6e4d8128e057f11aa65638be9e25470d6f4232bc 100644 (file)
--- a/roles/postfix/templates/opendkim.conf
+++ b/roles/postfix/templates/opendkim.conf
@@ -6,7 +6,7 @@
 Syslog                 yes
 
 # Access control
 Syslog                 yes
 
 # Access control

-UMask                  007
+UMask                  000 # postfix is "other", but the dir is protected

 UserID                 opendkim
 
 # domains and keys are in table files
 UserID                 opendkim
 
 # domains and keys are in table files