Google likes breaking the internet :(

diff --git a/roles/email/tasks/postfix.yml b/roles/email/tasks/postfix.yml
index a76cc250ea5d36e101e3fc4feeb5e247996588cb..0eb247223118d76b19ef5bed746fad25e3975271 100644 (file)
--- a/roles/email/tasks/postfix.yml
+++ b/roles/email/tasks/postfix.yml
@@ -13,6 +13,7 @@
   loop:
   - main.cf
   - master.cf
+  - postscreen_access.cidr
   notify: postfix
 - name: install postfix mysql config
   when: postfix.dovecot is defined

diff --git a/roles/email/templates/main.cf b/roles/email/templates/main.cf
index 7a735c2cc74010a597800dc0aa6c055b14131af9..b9d2187e237e6a25d09c2a09c49568330ee7ff50 100644 (file)
--- a/roles/email/templates/main.cf
+++ b/roles/email/templates/main.cf
@@ -47,6 +47,8 @@ postscreen_dnsbl_action = enforce
 postscreen_pipelining_enable = yes
 postscreen_non_smtp_command_enable = yes
 postscreen_bare_newline_enable = yes
+postscreen_access_list = permit_mynetworks,
+       cidr:$config_directory/postscreen_access.cidr
 {% endif %}
 
 # control relay access

diff --git a/roles/email/templates/postscreen_access.cidr b/roles/email/templates/postscreen_access.cidr
new file mode 100644 (file)
index 0000000..8fab849
--- /dev/null
+++ b/roles/email/templates/postscreen_access.cidr
@@ -0,0 +1,2 @@
+# Google thinks they are better than everyone else, and don't need to be compatible with greylisting.
+209.85.128.0/17 permit