From 950b3085463d50814d3b343604460939e7ead7a4 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Fri, 27 Jan 2023 12:45:01 +0100 Subject: Relay via static zz0.email host Split horizon for the complete .email zone is not feasible for all sites, and TLS certificate currently does not cover any of the internal hostnames. Signed-off-by: Georg Pfuetzenreuter --- pillar/global/mta.sls | 1 + salt/common/hosts.sls | 9 +++++++++ salt/common/init.sls | 1 + 3 files changed, 11 insertions(+) create mode 100644 salt/common/hosts.sls diff --git a/pillar/global/mta.sls b/pillar/global/mta.sls index a992440..b0ab601 100644 --- a/pillar/global/mta.sls +++ b/pillar/global/mta.sls @@ -17,6 +17,7 @@ postfix: smtp_use_tls: 'yes' smtp_tls_security_level: encrypt smtp_tls_wrappermode: 'yes' + disable_dns_lookups: 'yes' aliases: use_file: false diff --git a/salt/common/hosts.sls b/salt/common/hosts.sls new file mode 100644 index 0000000..0a37f2c --- /dev/null +++ b/salt/common/hosts.sls @@ -0,0 +1,9 @@ +# this is a hack because we currently only allow email relaying using the split-horizon zz0.email +selene-hosts: + host.present: + - comment: Needed for email + - ip: 192.168.0.120 + - names: + - selene.psyched.dev + - selene + - zz0.email diff --git a/salt/common/init.sls b/salt/common/init.sls index 52ac5a5..01229be 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -1,3 +1,4 @@ include: - role.salt.minion + - .hosts - common.{{ grains['os'] | lower }} -- cgit v1.2.3