diff options
author | Micah Anderson <micah@leap.se> | 2015-09-09 09:36:59 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2015-09-10 12:32:19 -0400 |
commit | d113bf1b2cd3cb6a94fbe20aa711bf9b9b93286f (patch) | |
tree | e0fbd3abb1569eef352572dea1b4c45da6689a7e /puppet/modules/site_postfix | |
parent | c0fb606ab22646eafb61059a9ea30ac919ec2d04 (diff) |
Fix clients being blocked by RBLs (#7431)
Valid users submitting mail to be delivered should not be blocked by
configured RBLs.
Settings in main.cf are valid and used globally, unless they are
overridden in master.cf for specific Postfix daemons. We have set in
main.cf the smtp_client_restrictions parameter to check for configured
rbls, so we need to override that and empty it in order to allow valid
clients to send mail, even when their IP is listed in an RBL.
Note: most users will typically be connecting via VPN, so their IP would
typically be replaced by the VPN gateway one, but there are cases where
this is still useful.
Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1
Diffstat (limited to 'puppet/modules/site_postfix')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 334d04d0..bff3e291 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -74,7 +74,8 @@ class site_postfix::mx { -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_recipient_restrictions=\$smtps_recipient_restrictions - -o smtpd_helo_restrictions=\$smtps_helo_restrictions", + -o smtpd_helo_restrictions=\$smtps_helo_restrictions + -o smtpd_client_restrictions=", require => [ Class['Site_config::X509::Key'], Class['Site_config::X509::Cert'], |