
Use SRS for forwarded e-mails to work aroung SPF FAIL when forwarding

FlorianSW committed Jun 15, 2019
1 parent 8ad1295 commit 18d0777fbc429f1f9690c048edabfdf5b2e93b4a
@@ -53,6 +53,23 @@ postfix::testuser::password: >
lsoijzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAx2dI5b3ZjW3s/H2x/
/Y5dgCAkWYScdBHPbQ9MnF5FEb6x7+bIVxoUFmzfDOaw239PFA==]

postsrsd::secret: >
ENC[PKCS7,MIICfQYJKoZIhvcNAQcDoIICbjCCAmoCAQAxggEhMIIBHQIBADAFMAACAQEw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]

opendkim::uid: 123
opendkim::socket: 'inet:8891@127.0.0.1'
opendkim::trusted_hosts:
@@ -78,6 +78,15 @@
notify => Service['postfix'],
}

file { '/etc/postfix/sql/no-srs.cf':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0660',
content => template('postfix/sql/no-srs.cf.erb'),
notify => Service['postfix'],
}

file { '/etc/postfix/sql/sender-login-maps.cf':
ensure => 'file',
owner => 'root',
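Review bot: `mode => '0660'` on `/etc/postfix/sql/no-srs.cf` leaves the file group-writable although it is rendered from a template that holds the database password; the write bit for the group is not needed on a file only Puppet writes, so `mode => '0640'` is enough. The same mode is used for `/etc/postsrsd.secret` in the new postsrsd class, where the content is the SRS signing secret; `'0600'` should do there, assuming postsrsd reads the file before it drops privileges. Both resources should also set `show_diff => false` so that a content change does not print the credential into the agent log or the report. The hunk ends inside the following `sender-login-maps.cf` resource, whose mode is not visible here.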
@@ -82,3 +82,9 @@ mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
# SPF Verifier
policyd-spf_time_limit = 3600

# SRS
sender_canonical_maps = mysql:/etc/postfix/sql/no-srs.cf, tcp:127.0.0.1:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:10002
recipient_canonical_classes= envelope_recipient,header_recipient
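Review bot: The `# SRS` comment does not say that the order of the tables in `sender_canonical_maps` is what keeps local senders from being rewritten: Postfix stops at the first table that returns a result, so the MySQL map has to stay ahead of the `tcp:` lookup. I would expand the comment to `# SRS: no-srs.cf returns local mailbox senders unchanged, every other envelope sender is rewritten by postsrsd (first match wins)`. It is also worth a line that tcp_table(5) lookups are neither authenticated nor protected and that 10001/10002 are unprivileged ports, so this setup relies on postsrsd being the process that listens on them.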

@@ -0,0 +1,5 @@
user = <%= @vmaildbuser %>
password = <%= @vmaildbpass %>
hosts = <%= @vmaildbhost %>
dbname = <%= @vmaildbname %>
query = SELECT CONCAT(username, '@', domain) FROM users LEFT JOIN aliases ON aliases.source = CONCAT('%u', '@', '%d') WHERE username='%u' AND domain='%d' and aliases.destination IS NULL
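Review bot: The template has no comment on what the query is for, and the intent is hard to read from the SQL: it returns the sender address unchanged only for a row in `users` that has no row in `aliases` with the same source, and that hit is what makes Postfix skip the postsrsd lookup. A leading line such as `# Identity map for local mailboxes without an alias; a hit here bypasses SRS rewriting in sender_canonical_maps` would record that. Two consequences should be confirmed against the schema, which is not visible here: a user whose address also appears as an alias source gets no hit and is therefore SRS-rewritten, and the query filters on no enabled/active flag. The account in `user` needs nothing beyond SELECT on these two tables.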
@@ -0,0 +1,14 @@
# Installs and configures postsrsd
class postsrsd {
package { 'postsrsd':
ensure => 'present',
}

file { '/etc/postsrsd.secret':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0660',
content => lookup( 'postsrsd::secret' ),
}
}
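Review bot: The class installs the package and writes the secret but declares no `service` resource and no ordering between the two, so nothing here guarantees that postsrsd is running or that it picks up a changed secret. main.cf now sends canonical lookups to 127.0.0.1:10001/10002, so a stopped daemon most likely means failed lookups and deferred mail, and a rotated secret stays unused until someone restarts the daemon by hand. I would add `require`/`notify` on the file and a managed service as below; the service name `postsrsd` is what the Debian package ships, adjust it if the target platform differs. SRS_DOMAIN and the exclude list are left at package defaults, which deserves a sentence in the class comment.

```puppet
  file { '/etc/postsrsd.secret':
    # … unchanged: ensure, owner, group, mode, content …
    require => Package['postsrsd'],
    notify  => Service['postsrsd'],
  }

  service { 'postsrsd':
    ensure  => 'running',
    enable  => true,
    require => Package['postsrsd'],
  }
```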
@@ -31,6 +31,7 @@

include ::opendkim
include postfixspf
include postsrsd
include postfix

$postfixcertcheck = hiera('monit::postfix::certcheck', {})
