Commit 098f97b7 authored by ale's avatar ale

Set up an internal postfix-smtp-auth listener on 10465

It is meant to receive authenticated emails from the webmail, applying
the same rules as the rest of postfix-smtp-auth (including
sender_login blocks etc).
parent b03c57ff
......@@ -13,10 +13,10 @@
- libpam-authclient
- sasl2-bin
- name: Add postfix user to the opendkim and sasl groups
- name: Add postfix user to the acl groups it needs
user:
name: postfix
groups: opendkim,sasl
groups: opendkim,sasl,mail-frontend-credentials
append: yes
# The postfix-out instance has a special myhostname to match
......
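Review bot: The task now adds postfix to `mail-frontend-credentials`, but neither the new task name nor a comment says why. The group appears to gate the key used by the new listener (`/etc/credentials/x509/mail-frontend/server/private_key.pem`), which is inferred from the rest of this commit rather than shown here. I would add `# mail-frontend-credentials: read access to the mail-frontend TLS key for the 10465 listener` above the `groups:` line, so a later cleanup neither drops the group nor widens it without noticing. The `user` module fails when a listed group does not exist, so it is worth confirming that the group is created before this role runs on a fresh host. `append: yes` would also read better as `append: true`.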
......@@ -16,6 +16,14 @@
{% endif %}
##}
# Internal submission interface for webmail.
{{ ip_vpn0 }}:10465 inet n - n - - smtpd
-o inet_interfaces={{ ip_vpn0 }}
-o smtpd_tls_wrappermode=yes
-o smtpd_tls_cert_file=/etc/credentials/x509/mail-frontend/server/cert.pem
-o smtpd_tls_key_file=/etc/credentials/x509/mail-frontend/server/private_key.pem
smtpd pass - - n - - smtpd
tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog
......
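Review bot: Nothing on the new `{{ ip_vpn0 }}:10465` entry itself requires authentication: it overrides only `inet_interfaces`, `smtpd_tls_wrappermode` and the certificate pair. SASL and the sender_login checks named in the commit message therefore depend on main.cf defaults that this hunk does not show. Pinning `-o smtpd_sasl_auth_enable=yes` on the entry, or at least adding a comment that the restrictions are inherited from the instance's main.cf, would make the intent reviewable here and keep the port from silently changing if those defaults change. Since the only intended client is the webmail, requiring a client certificate from the internal CA (`-o smtpd_tls_req_ccert=yes` with a matching `smtpd_tls_CAfile`) would restrict the listener further than the VPN bind address alone. The rest of master.cf lies outside the hunk.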
......@@ -8,6 +8,8 @@ mail-frontend:
ldap_credentials:
- name: postfix
- name: dovecot
service_credentials:
- name: mail-frontend
systemd_services:
- postfix@-.service
- postfix@postfix-in.service
......@@ -20,6 +22,7 @@ mail-frontend:
- name: mail
ports:
- 10025
- 10465
mail-backend:
scheduling_group: backend
......
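Review bot: Port `10465` is added to the `mail` entry's `ports` list with no indication of what it is or who may reach it. Presumably this list opens the port to every host on the internal network rather than to the webmail alone, which should be confirmed against how `ports` is enforced. A short comment such as `# 10465: TLS-wrapped submission for webmail only (postfix-smtp-auth)` next to it would record the intent. The `service_credentials` entry in the first hunk of this file presumably issues the `mail-frontend` certificate used by that listener, and could carry a similar one-line comment. The `mail-frontend` mapping begins and ends outside both hunks.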