summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2015-09-09 09:36:59 -0400
committerMicah Anderson <micah@leap.se>2015-09-10 12:32:19 -0400
commitd113bf1b2cd3cb6a94fbe20aa711bf9b9b93286f (patch)
treee0fbd3abb1569eef352572dea1b4c45da6689a7e
parentc0fb606ab22646eafb61059a9ea30ac919ec2d04 (diff)
Fix clients being blocked by RBLs (#7431)
Valid users submitting mail to be delivered should not be blocked by configured RBLs. Settings in main.cf are valid and used globally, unless they are overridden in master.cf for specific Postfix daemons. We have set in main.cf the smtp_client_restrictions parameter to check for configured rbls, so we need to override that and empty it in order to allow valid clients to send mail, even when their IP is listed in an RBL. Note: most users will typically be connecting via VPN, so their IP would typically be replaced by the VPN gateway one, but there are cases where this is still useful. Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp3
1 files changed, 2 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 334d04d0..bff3e291 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -74,7 +74,8 @@ class site_postfix::mx {
-o smtpd_tls_wrappermode=yes
-o smtpd_tls_security_level=encrypt
-o smtpd_recipient_restrictions=\$smtps_recipient_restrictions
- -o smtpd_helo_restrictions=\$smtps_helo_restrictions",
+ -o smtpd_helo_restrictions=\$smtps_helo_restrictions
+ -o smtpd_client_restrictions=",
require => [
Class['Site_config::X509::Key'],
Class['Site_config::X509::Cert'],