summaryrefslogtreecommitdiff
path: root/puppet
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2015-04-28 14:28:21 +0200
committervarac <varacanero@zeromail.org>2015-04-28 14:28:21 +0200
commit3aa462bd2402c81ac85720ca9337d45acbf04ff3 (patch)
tree90e78177e57200b260388f9ec7d1d34d018b0eed /puppet
parent87a2005d7a2ab9cccce67eea7f25de2a2e3d789a (diff)
Reject inbound mail to local system users that don't appear in
/ect/aliases #6829 We began to recieve spam for vmail@DOMAIN. So we want to block inbound mail to local system users. However, users in the /etc/aliases file are still accepted on inbound mail - see https://leap.se/code/issues/6909 for a follow up. Change-Id: I03d3014984c4bd27f90147125fb037b68716624d
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp9
1 files changed, 9 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 81f10b77..49692d24 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -1,3 +1,6 @@
+#
+# configure mx node
+#
class site_postfix::mx {
$domain_hash = hiera('domain')
@@ -35,6 +38,12 @@ class site_postfix::mx {
# because the satellites need to have a different value
'smtp_tls_security_level':
value => 'may';
+ # reject inbound mail to system users
+ # see https://leap.se/code/issues/6829
+ # this blocks *only* mails to system users, that don't appear in the
+ # alias map
+ 'local_recipient_maps':
+ value => '$alias_maps';
}
include site_postfix::mx::smtpd_checks