From 35e4bbf04b17eb05cc1a2d761ef5531081111958 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 28 Mar 2021 08:59:57 +0200
Subject: [PATCH] bundles/postfix: remove postscreen usage

postscreen isn't able to share its cache file between instances, which leads to the server simply accepting mails for the port on which postscreen starts up later. Since we can't predict which port this will be, we simply remove postscreen alltogether. Yes, i know i could just remove postscreen for port 2525.
---
 bundles/postfix/files/main.cf | 7 -------
 bundles/postfix/files/master.cf | 10 ++++------
 2 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/bundles/postfix/files/main.cf b/bundles/postfix/files/main.cf
index c0bbb90..cd7ca56 100644
--- a/bundles/postfix/files/main.cf
+++ b/bundles/postfix/files/main.cf
@@ -90,11 +90,4 @@ milter_default_action = accept
 mua_relay_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
 mua_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender,permit_sasl_authenticated,reject
 mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
-
-postscreen_access_list = permit_mynetworks
-postscreen_blacklist_action = drop
-postscreen_greet_action = drop
-postscreen_dnsbl_threshold = 2
-postscreen_dnsbl_sites = ix.dnsbl.manitu.net zen.spamhaus.org
-postscreen_dnsbl_action = drop
 % endif
diff --git a/bundles/postfix/files/master.cf b/bundles/postfix/files/master.cf
index c48e1b3..21dd231 100644
--- a/bundles/postfix/files/master.cf
+++ b/bundles/postfix/files/master.cf
@@ -2,13 +2,11 @@
 # service type private unpriv chroot wakeup maxproc command + args
 # (yes) (yes) (no) (never) (100)
 # ==========================================================================
-% if node.has_bundle('postfixadmin'):
-smtp inet n - y - 1 postscreen
- -o smtpd_sasl_auth_enable=no
-2525 inet n - y - 1 postscreen
- -o smtpd_sasl_auth_enable=no
-% else:
 smtp inet n - y - 1 smtpd
+% if node.has_bundle('postfixadmin'):
+ -o smtpd_sasl_auth_enable=no
+2525 inet n - y - 1 smtpd
+ -o smtpd_sasl_auth_enable=no
 % endif
 smtpd pass - - y - - smtpd
 dnsblog unix - - y - 0 dnsblog
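Review bot: With `smtp inet n - y - 1 smtpd` now answering port 25 directly, the pregreet and DNSBL screening that the removed `postscreen_*` settings in main.cf provided has no replacement visible in this patch. Unless main.cf already carries an equivalent outside the hunks shown, consider adding a client-level check such as `reject_rbl_client zen.spamhaus.org` to the restrictions that apply to port 25; note that this rejects on a single listing, whereas `postscreen_dnsbl_threshold = 2` appears to have required both lists to agree. The context lines `smtpd pass - - y - - smtpd` and `dnsblog unix - - y - 0 dnsblog` look like postscreen helper services that nothing invokes any more, so they could be dropped in the same change. A comment above the `smtp` line, for example `# postscreen removed: its cache cannot be shared between the 25 and 2525 instances`, would keep the reason next to the config. master.cf continues past the end of this hunk, so other postscreen helpers may remain further down.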