From: Ralf Jung
Date: Sun, 20 May 2018 20:45:20 +0000 (+0200)
Subject: postfix: offer opening another smtpd on port 26
X-Git-Url: https://git.ralfj.de/ansible.git/commitdiff_plain/7273ecf5a25c5b4a418b8356482cafb922d59a3c
postfix: offer opening another smtpd on port 26
---
diff --git a/host_vars/template.yml b/host_vars/template.yml
index 99d2b4b..bd5ccb1 100644
--- a/host_vars/template.yml
+++ b/host_vars/template.yml
@@ -1,6 +1,10 @@
 postfix:
 # optional: Whether to put a postscreen on port 25
 postscreen: True
+ # optional: Open another SMTP daemon on port 26 that only accepts mail from local hosts
+ # (and whitelisted client certs, if applicable). Useful when the source of the mail is in
+ # a network that blocks port 25 outgoing.
+ smtpd_26: True
 # optional: Whether to accept emails for arbitrary destination on the submission port,
 # authenticated by dovecot. Requires a dovecot: section (see below).
 submission: True
diff --git a/roles/email/templates/main.cf b/roles/email/templates/main.cf
index 97f07bd..dc72a19 100644
--- a/roles/email/templates/main.cf
+++ b/roles/email/templates/main.cf
@@ -107,11 +107,12 @@ proxy_read_maps = $virtual_alias_maps $virtual_mailbox_maps $smtpd_sender_login_
 # setup mail routes for virtual mail: all mail ends up being forwarded somewhere
 virtual_transport = error
-transport_maps = hash:/etc/postfix/transport_map
+transport_maps = hash:$config_directory/transport_map
 mailman_destination_recipient_limit = 1
 {% endif %}
 {% if postfix.smtp_outgoing is defined %}
+# send mail via specific IP
 default_transport = {{ postfix.default_smtp_outgoing }}
 sender_dependent_default_transport_maps = hash:$config_directory/sender_transport_map
 {% endif %}
diff --git a/roles/email/templates/master.cf b/roles/email/templates/master.cf
index f053746..1d3a3e8 100644
--- a/roles/email/templates/master.cf
+++ b/roles/email/templates/master.cf
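Review bot: The new comment on `smtpd_26` in host_vars/template.yml describes the trust boundary as "local hosts", which is vaguer than what the listener added in roles/email/templates/master.cf enforces (`smtpd_tls_security_level=encrypt` and `smtpd_recipient_restrictions=permit_mynetworks,permit_tls_clientcerts,reject`). An operator enabling the flag should be told that every address in `mynetworks` may relay through port 26 on source IP alone, and that TLS is mandatory for all clients on this port. The client-certificate path presumably also depends on certificate requests and the list of accepted certificates being configured in main.cf, which this diff does not show, so the comment should point to that setting rather than say "if applicable". I would reword the first two comment lines to something like `# optional: Open another SMTP daemon on port 26 (TLS required) that only accepts mail from` / `# clients in mynetworks or with a whitelisted TLS client cert; everything else is rejected.` and keep the sentence about networks that block outgoing port 25.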
@@ -17,6 +17,12 @@ tlsproxy unix - - y - 0 tlsproxy
 {% else %}
 smtp inet n - y - - smtpd
 {% endif %}
+{% if postfix.smtpd_26 is defined and postfix.smtpd_26 %}
+26 inet n - y - - smtpd
+ -o syslog_name=postfix/smtpd2
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_recipient_restrictions=permit_mynetworks,permit_tls_clientcerts,reject
+{% endif %}
 {% if postfix.submission is defined and postfix.submission %}
 submission inet n - y - - smtpd