
exim+dovecot: let recipient-check work; fixes #6

master
Y 1 year ago
parent
commit
807b01c97b
3 changed files with 19 additions and 13 deletions
  1. +6
    -5
      roles/dmz_exim/tasks/main.yml
  2. +8
    -8
      roles/dovecot/templates/dovecot.conf.j2
  3. +5
    -0
      roles/nftables_back/templates/nftables.conf.j2

+ 6
- 5
roles/dmz_exim/tasks/main.yml

@@ -496,9 +496,10 @@
block: |
lmtp_user:
debug_print = "R: lmtp_user for $local_part@$domain"
driver = accept
driver = manualroute
domains = +local_domains
transport = lmtp_transport
route_list = * {{SafeZone_IP}} byname
cannot_route_message = Unknown user
insertbefore: '^#localuser:'
notify:
@@ -510,10 +511,10 @@
marker: ' # {mark} LMTP transport'
block: |
lmtp_transport:
driver = lmtp
socket = /run/shared_sockets/lmtp
user = exim
current_directory = /var/spool/exim
driver = smtp
protocol = lmtp
rcpt_include_affixes
port = 24
insertbefore: '^# This transport is used'
notify:
- restart exim.service
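Review bot: The `lmtp_transport` block now delivers over TCP (`driver = smtp`, `protocol = lmtp`, `port = 24`) with no TLS or authentication option set, so message content and any recipient callouts cross the link to `{{SafeZone_IP}}` in clear and the path is protected only by network placement. If that link is not a dedicated, trusted segment, `hosts_require_tls = *` on the transport would close this, provided the Dovecot LMTP listener offers STARTTLS. Otherwise a comment in the block such as `# plain LMTP: relies on the DMZ<->SafeZone link and the nftables port 24 rule` would record the assumption. In the `lmtp_user` router, `route_list = * …` presumably always yields a host, so `cannot_route_message = Unknown user` may never be emitted; unknown recipients are then rejected only if the ACL verifies recipients by callout, which is outside these hunks. Both tasks start and end outside the hunks shown.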

+ 8
- 8
roles/dovecot/templates/dovecot.conf.j2

@@ -51,15 +51,15 @@ service imap-login {
}
}
service lmtp {
unix_listener /run/shared_sockets/lmtp {
mode = 0666
#unix_listener /run/shared_sockets/lmtp {
# mode = 0666
#}
# Create inet listener only if you can't use the above UNIX socket
# https://yalis.fr/git/yves/home-server/issues/6
inet_listener lmtp {
address = {{SafeZone_IP}}
port = 24
}
# # Create inet listener only if you can't use the above UNIX socket
# #inet_listener lmtp {
# # Avoid making LMTP visible for the entire internet
# #address =
# #port =
# #}
}
service imap {
}
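Review bot: The enabled `inet_listener lmtp` on `{{SafeZone_IP}}` port 24 exposes a protocol with no authentication of its own, so any host that can reach that address can submit mail to local mailboxes and probe which recipients exist. The only comment kept beside it is the issue link, and the earlier warning about not making LMTP visible to the entire internet appears only in the doubly commented stanza. A line above the listener such as `# LMTP is unauthenticated: must stay reachable from the DMZ exim host only (nftables_back, tcp dport 24)` would tie the listener to the firewall rule it depends on. The commented-out `unix_listener` with `mode = 0666` is dead configuration; if it is kept as a fallback, a note that 0666 lets every local user deliver through the socket would be worth adding.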

+ 5
- 0
roles/nftables_back/templates/nftables.conf.j2

@@ -72,6 +72,11 @@ table ip{{v}} Inet{{V}} {

# ssh
tcp dport 22 accept
{% call(net) trust(DMZ_IP) %}

# lmtp
tcp dport 24 ip saddr {{net}} accept
{% endcall %}

# portmapper
tcp dport 111 accept
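Review bot: The added `tcp dport 24 ip saddr {{net}} accept` rule is the only access control in front of Dovecot's unauthenticated LMTP listener, and it matches on source address alone. If the DMZ reaches this host through a dedicated interface, adding an input-interface match (`iifname`) to the rule would keep a spoofed DMZ address arriving on another interface from matching. The comment could say so, e.g. `# lmtp (unauthenticated; DMZ exim only)`. The `trust` macro and the enclosing chain are defined outside the hunk, so it cannot be checked here whether `{{net}}` renders sensibly for every instance of `table ip{{v}}`; `ip saddr` is presumably valid only in the IPv4 one.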
