bundles/postfix: add feature to block email recipients

This commit is contained in:
Franzi 2024-01-21 11:43:43 +01:00
parent 57c76e5eba
commit ee58509e93
Signed by: kunsi
GPG key ID: 12E3D2136B818350
3 changed files with 28 additions and 0 deletions

View file

@ -0,0 +1,3 @@
% for address in sorted(blocked):
${address} REJECT
% endfor

View file

@ -48,6 +48,8 @@ smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_helo_required = yes smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname
smtpd_data_restrictions = reject_unauth_pipelining smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/blocked_recipients
smtpd_relay_before_recipient_restrictions = yes
# generated using mozilla ssl generator, using "old" configuration. # generated using mozilla ssl generator, using "old" configuration.
# we need this to support CentOS 7 systems, sadly ... # we need this to support CentOS 7 systems, sadly ...

View file

@ -39,6 +39,16 @@ files = {
'action:postfix_newaliases', 'action:postfix_newaliases',
}, },
}, },
'/etc/postfix/blocked_recipients': {
'content_type': 'mako',
'context': {
'blocked': node.metadata.get('postfix/blocked_recipients', set()),
},
'triggers': {
'action:postfix_postmap_blocked_recipients',
'svc_systemd:postfix:restart',
},
},
'/etc/postfix/master.cf': { '/etc/postfix/master.cf': {
'content_type': 'mako', 'content_type': 'mako',
'triggers': { 'triggers': {
@ -74,6 +84,19 @@ actions = {
'needs': { 'needs': {
my_package, my_package,
}, },
'before': {
'svc_systemd:postfix',
},
},
'postfix_postmap_blocked_recipients': {
'command': 'postmap hash:/etc/postfix/blocked_recipients',
'triggered': True,
'needs': {
my_package,
},
'before': {
'svc_systemd:postfix',
},
}, },
} }