diff options
-rw-r--r-- | puppet/modules/site_postfix/files/checks/helo_access.pcre | 2 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/checks.pp | 7 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 2 |
3 files changed, 10 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/files/checks/helo_access.pcre b/puppet/modules/site_postfix/files/checks/helo_access.pcre new file mode 100644 index 00000000..4ebd42e6 --- /dev/null +++ b/puppet/modules/site_postfix/files/checks/helo_access.pcre @@ -0,0 +1,2 @@ +!/[[:alpha:]]/ REJECT Numeric HELO is a sign of spam, please contact us if this is in error + diff --git a/puppet/modules/site_postfix/manifests/mx/checks.pp b/puppet/modules/site_postfix/manifests/mx/checks.pp index f406ad34..9678c205 100644 --- a/puppet/modules/site_postfix/manifests/mx/checks.pp +++ b/puppet/modules/site_postfix/manifests/mx/checks.pp @@ -1,3 +1,4 @@ +# management of specific MTA checks class site_postfix::mx::checks { file { @@ -13,6 +14,12 @@ class site_postfix::mx::checks { mode => '0644', owner => root, group => root; + + '/etc/postfix/checks/helo_checks.pcre': + source => 'puppet:///modules/site_postfix/checks/helo_access.pcre', + mode => '0644', + owner => root, + group => root; } exec { diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp index 291d7ee4..162e6d86 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp @@ -28,7 +28,7 @@ class site_postfix::mx::smtpd_checks { 'smtps_relay_restrictions': value => 'permit_mynetworks, permit_tls_clientcerts, defer_unauth_destination'; 'smtps_helo_restrictions': - value => 'permit_mynetworks, check_helo_access hash:$checks_dir/helo_checks, permit'; + value => 'permit_mynetworks, check_helo_access hash:$checks_dir/helo_checks, check_helo_access pcre:$checks_dir/helo_checks.pcre, permit'; 'smtpd_sender_restrictions': value => 'permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit'; } |