summaryrefslogtreecommitdiff
path: root/puppet/modules/site_postfix/manifests/mx
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2013-08-29 19:00:33 +0200
committervarac <varacanero@zeromail.org>2013-08-29 19:00:33 +0200
commit6c508c1c938fa2933d633fa7896505e23128c997 (patch)
tree04c5e036745c657a7a7c68b758ab8d1066d4f884 /puppet/modules/site_postfix/manifests/mx
parent683a1dbe729d3979c9390e2d0aeb5e0e4c258370 (diff)
fix smtpd mail restrictions (Feature #3166)
Diffstat (limited to 'puppet/modules/site_postfix/manifests/mx')
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp6
1 files changed, 3 insertions, 3 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index bda666f8..0973e625 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -4,15 +4,15 @@ class site_postfix::mx::smtpd_checks {
'smtpd_client_restrictions':
value => 'permit_mynetworks,permit';
'smtpd_data_restrictions':
- value => 'permit_mynetworks, reject_unauth_pipelining, permit';
+ value => 'permit_tls_all_clientcerts, permit_mynetworks, reject_unauth_pipelining, permit';
'smtpd_delay_reject':
value => 'yes';
'smtpd_helo_restrictions':
value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit';
'smtpd_recipient_restrictions':
- value => 'reject_unknown_recipient_domain, permit_mynetworks, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
+ value => 'reject_unknown_recipient_domain, permit_tls_all_clientcerts, permit_mynetworks, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
'smtpd_sender_restrictions':
- value => 'check_sender_access tcp:localhost:2244, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
+ value => 'check_sender_access tcp:localhost:2244, permit_tls_all_clientcerts, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
}
}