1 files changed, 9 insertions, 5 deletions

diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 2b311e06..42313d1a 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -7,8 +7,8 @@ class site_postfix::mx {
   $domain              = $domain_hash['full_suffix']
   $host_domain         = $domain_hash['full']
   $cert_name           = hiera('name')
-  $mynetworks          = join(hiera('mynetworks'), ' ')
-  $rbls                = suffix(prefix(hiera('rbls'), 'reject_rbl_client '), ',')
+  $mynetworks          = join(hiera('mynetworks', ''), ' ')
+  $rbls                = suffix(prefix(hiera('rbls', []), 'reject_rbl_client '), ',')
 
   $root_mail_recipient = hiera('contacts')
   $postfix_smtp_listen = 'all'
@@ -21,16 +21,20 @@ class site_postfix::mx {
   postfix::config {
     'mynetworks':
       value => "127.0.0.0/8 [::1]/128 [fe80::]/64 ${mynetworks}";
+    # Note: mydestination should not include @domain, because this is
+    # used in virtual alias maps.
     'mydestination':
-      value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}";
+      value => "\$myorigin, localhost, localhost.\$mydomain";
     'myhostname':
       value => $host_domain;
     'mailbox_size_limit':
       value => '0';
     'home_mailbox':
       value => 'Maildir/';
+    # Note: virtual-aliases map will take precedence over leap_mx
+    # lookup (tcp:localhost)
     'virtual_alias_maps':
-      value => 'tcp:localhost:4242';
+      value => 'hash:/etc/postfix/virtual-aliases tcp:localhost:4242';
     'luser_relay':
       value => 'vmail';
     'smtpd_tls_received_header':
@@ -69,13 +73,13 @@ class site_postfix::mx {
     preseed             => true,
     root_mail_recipient => $root_mail_recipient,
     smtp_listen         => 'all',
-    default_alias_maps  => false,
     mastercf_tail       =>
     "smtps     inet  n       -       -       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_tls_security_level=encrypt
   -o smtpd_recipient_restrictions=\$smtps_recipient_restrictions
   -o smtpd_helo_restrictions=\$smtps_helo_restrictions
+  -o smtpd_client_restrictions=
   -o cleanup_service_name=clean_smtps
 clean_smtps	  unix	n	-	n	-	0	cleanup
   -o header_checks=pcre:/etc/postfix/checks/rewrite_openpgp_headers",