From 4763f339a2f3f37ccfd4dcc009c83614efc302cc Mon Sep 17 00:00:00 2001
From: Ralf Jung <post@ralfj.de>
Date: Sun, 8 Apr 2018 12:16:12 +0200
Subject: [PATCH] fix postscreen and DKIM permissions

---
 roles/postfix/templates/master.cf     | 1 +
 roles/postfix/templates/opendkim.conf | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/postfix/templates/master.cf b/roles/postfix/templates/master.cf
index 0e9b536..e6eeb14 100644
--- a/roles/postfix/templates/master.cf
+++ b/roles/postfix/templates/master.cf
@@ -11,6 +11,7 @@
 # ==========================================================================
 {% if postfix.postscreen is defined and postfix.postscreen %}
 smtp       inet  n       -       y       -       1       postscreen
+smtpd      pass  -       -       y       -       -       smtpd
 dnsblog    unix  -       -       y       -       0       dnsblog
 tlsproxy   unix  -       -       y       -       0       tlsproxy
 {% else %}
diff --git a/roles/postfix/templates/opendkim.conf b/roles/postfix/templates/opendkim.conf
index 06203ea..6e4d812 100644
--- a/roles/postfix/templates/opendkim.conf
+++ b/roles/postfix/templates/opendkim.conf
@@ -6,7 +6,7 @@
 Syslog			yes
 
 # Access control
-UMask			007
+UMask			000 # postfix is "other", but the dir is protected
 UserID			opendkim
 
 # domains and keys are in table files
-- 
2.30.2