author | Micah Anderson <micah@leap.se> | 2015-07-28 14:35:40 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2015-07-28 14:35:40 -0400 |
commit | 8684aa38ece3271a0eb0f8a1751f6c3297025afa (patch) | |
tree | f9f46d1fc47cb870f4aa0344b01b009bc347cc09 | |
parent | 2761fa77394d5a2857812de840e49172d0e486fb (diff) |
Support RBL blocking of incoming mail (#5923)
Set zen.spamhaus as the default rbl
Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
-rw-r--r-- | provider_base/services/mx.json | 1 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 1 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 2 |
3 files changed, 3 insertions, 1 deletions
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 11293ae8..db2e4795 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -16,6 +16,7 @@
 "salt": "= hex_secret :couch_leap_mx_password_salt, 128"
 },
 "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
+ "rbls": ["zen.spamhaus.org"],
 "x509": {
 "use": true,
 "use_commercial": true,
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 49692d24..af0f9f56 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -8,6 +8,7 @@ class site_postfix::mx {
 $host_domain = $domain_hash['full']
 $cert_name = hiera('name')
 $mynetworks = join(hiera('mynetworks'), ' ')
+ $rbls = suffix(prefix(hiera('rbls'), 'reject_rbl_client '), ',')
 $root_mail_recipient = hiera('contacts')
 $postfix_smtp_listen = 'all'
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index 0ec40277..1c3e5c92 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -6,7 +6,7 @@ class site_postfix::mx::smtpd_checks {
 'checks_dir':
 value => '$config_directory/checks';
 'smtpd_client_restrictions':
- value => 'permit_mynetworks,permit';
+ value => "${site_postfix::mx::rbls}permit_mynetworks,permit";
 'smtpd_data_restrictions':
 value => 'permit_mynetworks, reject_unauth_pipelining, permit';
 'smtpd_delay_reject':
|
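Review bot: The new default `"rbls": ["zen.spamhaus.org"]` in mx.json becomes a bare `reject_rbl_client zen.spamhaus.org` once mx.pp adds its prefix, so Postfix rejects on any A record the zone returns. Spamhaus also answers with 127.255.255.x codes for error conditions, such as queries arriving through open public resolvers or over-quota use. An unfiltered lookup treats those answers as listings and refuses legitimate mail. Postfix accepts a reply filter on the zone name, so the default could be `"rbls": ["zen.spamhaus.org=127.0.0.[2..11]"]`. JSON cannot carry a comment, so the provider documentation for this key should state the DNSBL's resolver and usage requirements.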
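Review bot: `$rbls` in mx.pp is still an array after `suffix(prefix(...))`, and smtpd_checks.pp interpolates it directly into a double-quoted string, so the rendered restriction list depends on how the running Puppet version stringifies arrays. Newer parsers print arrays as `[a, b]`, which would produce an invalid `smtpd_client_restrictions` value. Joining explicitly removes the ambiguity, and a lookup default keeps nodes without the key compiling: `$rbls = join(suffix(prefix(hiera('rbls', []), 'reject_rbl_client '), ','), '')`. A short comment on that line, `# rendered as "reject_rbl_client <zone>," per entry; consumed by site_postfix::mx::smtpd_checks`, would document the trailing-comma contract the other class relies on. The class body continues outside the hunk.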
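Review bot: In smtpd_checks.pp the RBL entries are placed before `permit_mynetworks`, so Postfix, which evaluates restrictions in order, runs the DNSBL lookup against the provider's own nodes before they are permitted. `mynetworks` is built in mx.json from node addresses including `ec2_public_ipv4`, and cloud address ranges are commonly listed on policy blocklists, so internal relaying could be rejected. Putting the trusted-network permit first avoids that and saves a DNS query per internal connection: `value => "permit_mynetworks,${site_postfix::mx::rbls}permit";`. The resource block this line belongs to starts and ends outside the hunk.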