From d901c602f61697f329e37bc92209c264755094c1 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Tue, 3 Sep 2013 15:26:23 +0200
Subject: Sending mail fails when relaying using non-fully-qualified hostname
 (Feature #3667)

---
 puppet/modules/site_postfix/manifests/mx.pp              | 7 ++++---
 puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 2 ++
 2 files changed, 6 insertions(+), 3 deletions(-)

(limited to 'puppet/modules')

diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index e5dc1c7b..515b6825 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -42,8 +42,9 @@ class site_postfix::mx {
     -o smtpd_tls_security_level=encrypt\n
     submission inet n        -       n       -       -       smtpd\n
     -o smtpd_tls_security_level=encrypt\n
-    -o smtpd_recipient_restrictions=\$submission_recipient_restrictions",
-    require             => [ X509::Key[$cert_name], X509::Cert[$cert_name],
-                             User['vmail'] ]
+    -o smtpd_recipient_restrictions=\$submission_recipient_restrictions\n
+    -o smtpd_helo_restrictions=\$submission_helo_restrictions",
+    require             =>
+      [ X509::Key[$cert_name], X509::Cert[$cert_name], User['vmail'] ]
   }
 }
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index b1536d64..7aea71fb 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -24,6 +24,8 @@ class site_postfix::mx::smtpd_checks {
       value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
     'submission_recipient_restrictions':
       value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
+    'submission_helo_restrictions':
+      value => 'permit_mynetworks, permit';
     'smtpd_sender_restrictions':
       value => 'permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
     }
-- 
cgit v1.2.3


From 1c0bde0eef6f693a3a67b88eed40173d9f4cf756 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Tue, 3 Sep 2013 16:20:02 +0200
Subject: fix $master_cf_tail format

---
 puppet/modules/site_postfix/manifests/mx.pp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'puppet/modules')

diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 515b6825..2d8f3db5 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -37,14 +37,14 @@ class site_postfix::mx {
     root_mail_recipient => $root_mail_recipient,
     smtp_listen         => 'all',
     mastercf_tail       =>
-    "smtps     inet  n       -       -       -       -       smtpd\n
-    -o smtpd_tls_wrappermode=yes\n
-    -o smtpd_tls_security_level=encrypt\n
-    submission inet n        -       n       -       -       smtpd\n
-    -o smtpd_tls_security_level=encrypt\n
-    -o smtpd_recipient_restrictions=\$submission_recipient_restrictions\n
-    -o smtpd_helo_restrictions=\$submission_helo_restrictions",
-    require             =>
-      [ X509::Key[$cert_name], X509::Cert[$cert_name], User['vmail'] ]
+    "smtps     inet  n       -       -       -       -       smtpd
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_tls_security_level=encrypt
+submission inet n        -       n       -       -       smtpd
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
+  -o smtpd_helo_restrictions=\$submission_helo_restrictions",
+    require             => [
+      X509::Key[$cert_name], X509::Cert[$cert_name], User['vmail'] ]
   }
 }
-- 
cgit v1.2.3


From ccdf90ea9c48efbaa34dda8f23d6a95db9970cd9 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Tue, 3 Sep 2013 18:46:09 +0200
Subject: use check_helo_access hash:/helo_checks also for
 $submission_helo_restrictions

---
 puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'puppet/modules')

diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index 7aea71fb..0f1500a4 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -25,7 +25,7 @@ class site_postfix::mx::smtpd_checks {
     'submission_recipient_restrictions':
       value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
     'submission_helo_restrictions':
-      value => 'permit_mynetworks, permit';
+      value => 'permit_mynetworks, check_helo_access hash:$checks_dir/helo_checks, permit';
     'smtpd_sender_restrictions':
       value => 'permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
     }
-- 
cgit v1.2.3