summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2015-09-09 09:36:59 -0400
committerMicah Anderson <micah@leap.se>2015-09-10 12:32:19 -0400
commitd113bf1b2cd3cb6a94fbe20aa711bf9b9b93286f (patch)
treee0fbd3abb1569eef352572dea1b4c45da6689a7e /puppet/modules
parentc0fb606ab22646eafb61059a9ea30ac919ec2d04 (diff)
Fix clients being blocked by RBLs (#7431)
Valid users submitting mail to be delivered should not be blocked by configured RBLs. Settings in main.cf are valid and used globally, unless they are overridden in master.cf for specific Postfix daemons. We have set in main.cf the smtp_client_restrictions parameter to check for configured rbls, so we need to override that and empty it in order to allow valid clients to send mail, even when their IP is listed in an RBL. Note: most users will typically be connecting via VPN, so their IP would typically be replaced by the VPN gateway one, but there are cases where this is still useful. Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp3
1 files changed, 2 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 334d04d0..bff3e291 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -74,7 +74,8 @@ class site_postfix::mx {
-o smtpd_tls_wrappermode=yes
-o smtpd_tls_security_level=encrypt
-o smtpd_recipient_restrictions=\$smtps_recipient_restrictions
- -o smtpd_helo_restrictions=\$smtps_helo_restrictions",
+ -o smtpd_helo_restrictions=\$smtps_helo_restrictions
+ -o smtpd_client_restrictions=",
require => [
Class['Site_config::X509::Key'],
Class['Site_config::X509::Cert'],