From: Ralf Jung
Date: Fri, 23 Jul 2021 15:55:08 +0000 (+0200)
Subject: Google likes breaking the internet :(
X-Git-Url: https://git.ralfj.de/ansible.git/commitdiff_plain/9892b8db62a259be7669e04257d25e54a687a8b1?ds=sidebyside;hp=82c3952d5c4600c4c0ec7f8ab55f0dc96d750f4f
Google likes breaking the internet :(
---
diff --git a/roles/email/tasks/postfix.yml b/roles/email/tasks/postfix.yml
index a76cc25..0eb2472 100644
--- a/roles/email/tasks/postfix.yml
+++ b/roles/email/tasks/postfix.yml
@@ -13,6 +13,7 @@
 loop:
 - main.cf
 - master.cf
+ - postscreen_access.cidr
 notify: postfix
 - name: install postfix mysql config
 when: postfix.dovecot is defined
diff --git a/roles/email/templates/main.cf b/roles/email/templates/main.cf
index 7a735c2..b9d2187 100644
--- a/roles/email/templates/main.cf
+++ b/roles/email/templates/main.cf
@@ -47,6 +47,8 @@ postscreen_dnsbl_action = enforce
 postscreen_pipelining_enable = yes
 postscreen_non_smtp_command_enable = yes
 postscreen_bare_newline_enable = yes
+postscreen_access_list = permit_mynetworks,
+ cidr:$config_directory/postscreen_access.cidr
 {% endif %}
 # control relay access
diff --git a/roles/email/templates/postscreen_access.cidr b/roles/email/templates/postscreen_access.cidr
new file mode 100644
index 0000000..8fab849
--- /dev/null
+++ b/roles/email/templates/postscreen_access.cidr
@@ -0,0 +1,2 @@
+# Google thinks they are better than everyone else, and don't need to be compatible with greylisting.
+209.85.128.0/17 permit
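Review bot: In `roles/email/templates/main.cf`, a `permit` result from `postscreen_access_list` allowlists the client before any other postscreen test runs. The new cidr table therefore exempts the whole range from `postscreen_dnsbl_action = enforce` and from the pipelining, non-SMTP-command and bare-newline tests, not only from the deferral behaviour the commit is about. Mail from those addresses is then checked only by the smtpd restrictions and any content filter, which are outside this hunk, so it is worth confirming they are adequate. I would add a comment above the setting, e.g. `# permit in this table skips ALL postscreen tests (DNSBL included); keep the cidr table as small as possible`.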
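Review bot: The comment in `roles/email/templates/postscreen_access.cidr` does not say where `209.85.128.0/17` came from or when it was last checked, which makes a hard-coded allowlist entry hard to audit later. Provider ranges change over time, and a stale entry either stops helping or keeps exempting addresses that may no longer belong to the provider. I would replace the comment with something like `# Google outbound SMTP range (source: <where the range was taken from>, checked <date>); exempted because their retries are not compatible with greylisting-style deferrals`. If the server also accepts mail over IPv6, this single IPv4 entry presumably does not cover those senders.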