diff options
author | Micah Anderson <micah@leap.se> | 2013-09-03 10:37:21 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2013-09-03 12:26:17 -0400 |
commit | cfdbad27fe0b1c5e98b127f2c3d22258e233ef11 (patch) | |
tree | feab8e0e771af7616d22af7a78d41f354babbe25 /puppet/modules/site_postfix/manifests/mx | |
parent | 822f92c3ff3fb8ef640b7e1c10819f367014f8d1 (diff) |
add /etc/postfix/checks directory and setup a check_helo_access that allows admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694)
Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4
Diffstat (limited to 'puppet/modules/site_postfix/manifests/mx')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp index 7ade8588..795c1703 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp @@ -1,6 +1,8 @@ class site_postfix::mx::smtpd_checks { postfix::config { + 'checks_dir': + value => '$config_directory/checks'; 'smtpd_client_restrictions': value => 'permit_mynetworks,permit'; 'smtpd_data_restrictions': @@ -8,7 +10,7 @@ class site_postfix::mx::smtpd_checks { 'smtpd_delay_reject': value => 'yes'; 'smtpd_helo_restrictions': - value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit'; + value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access hash:$checks_dir/helo_checks, permit'; 'smtpd_recipient_restrictions': value => 'reject_unknown_recipient_domain, permit_mynetworks, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit'; # We should change from permit_tls_all_clientcerts to permit_tls_clientcerts |