Google likes breaking the internet :(
authorRalf Jung <post@ralfj.de>
Fri, 23 Jul 2021 15:55:08 +0000 (17:55 +0200)
committerRalf Jung <post@ralfj.de>
Fri, 23 Jul 2021 15:59:34 +0000 (17:59 +0200)
roles/email/tasks/postfix.yml
roles/email/templates/main.cf
roles/email/templates/postscreen_access.cidr [new file with mode: 0644]

index a76cc250ea5d36e101e3fc4feeb5e247996588cb..0eb247223118d76b19ef5bed746fad25e3975271 100644 (file)
@@ -13,6 +13,7 @@
   loop:
   - main.cf
   - master.cf
+  - postscreen_access.cidr
   notify: postfix
 - name: install postfix mysql config
   when: postfix.dovecot is defined
index 7a735c2cc74010a597800dc0aa6c055b14131af9..b9d2187e237e6a25d09c2a09c49568330ee7ff50 100644 (file)
@@ -47,6 +47,8 @@ postscreen_dnsbl_action = enforce
 postscreen_pipelining_enable = yes
 postscreen_non_smtp_command_enable = yes
 postscreen_bare_newline_enable = yes
+postscreen_access_list = permit_mynetworks,
+       cidr:$config_directory/postscreen_access.cidr
 {% endif %}
 
 # control relay access
diff --git a/roles/email/templates/postscreen_access.cidr b/roles/email/templates/postscreen_access.cidr
new file mode 100644 (file)
index 0000000..8fab849
--- /dev/null
@@ -0,0 +1,2 @@
+# Google thinks they are better than everyone else, and don't need to be compatible with greylisting.
+209.85.128.0/17 permit