From 7c980c30d5f75c63005d8c4f69f6c080e53cafed Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Fri, 18 Sep 2015 02:30:03 -0400
Subject: [PATCH] update amavis-config

---
 install/dist/tpl/gentoo/amavisd-ispconfig.conf.master |   18 +++++++++++++-----
 install/tpl/amavisd_user_config.master                |   17 +++++++++++------
 2 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master b/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
index 32ee177..c05ce98 100644
--- a/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
+++ b/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
@@ -94,16 +94,24 @@
 $log_level = 0;                # (defaults to 0)
 
 $inet_socket_port = [10024,10026];
-$forward_method = 'smtp:[127.0.0.1]:10025';
-$notify_method = 'smtp:[127.0.0.1]:10027';
+
+# *:* = send to IP/HOST:incoming Port + 1
+$forward_method = 'smtp:*:*';
+$notify_method = 'smtp:*:*';
+
 $interface_policy{'10026'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {
   originating => 1,
   smtpd_discard_ehlo_keywords => ['8BITMIME'],
-  forward_method => 'smtp:[127.0.0.1]:10027',
 };
-@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
-192.168.0.0/16);
+
+# IP-Addresses for internal networks => load policy MYNETS
+# - requires -o smtp_send_xforward_command=yes in postfix master.cf
+@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [::1] [FE80::]/10 [FEC0::]/10);
+
+# Allow SMTP access from IPs in @inet_acl to amvisd SMTP Port
+@inet_acl = qw( 127.0.0.1 [::1] 192.168.0.0/16 );
+
 $signed_header_fields{'received'} = 0; # turn off signing of Received
 $enable_dkim_verification = 1;
 $enable_dkim_signing = 1;
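Review bot: The new `@inet_acl` default admits all of 192.168.0.0/16 to both listeners, while port 10026 stays mapped to the ORIGINATING policy bank (`originating => 1`) with DKIM signing enabled just below, so any host in that range that can reach 10026 would have its mail handled as locally submitted. Whether the port is reachable depends on `$inet_socket_bind`, which is outside this hunk; if it stays on loopback the wider ACL has no effect. If it is opened up, a safer shipped default is `@inet_acl = qw( 127.0.0.1 [::1] );` with a comment telling the admin to add the specific relay addresses. The `@mynetworks` comment relies on XFORWARD, and as far as I know amavisd accepts the XFORWARD client address from any peer that passes `@inet_acl`, so every address listed there is trusted to assert an internal origin. The same lines, including the `amvisd` typo in the comment, are added to install/tpl/amavisd_user_config.master in the second hunk.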
diff --git a/install/tpl/amavisd_user_config.master b/install/tpl/amavisd_user_config.master
index 2e5a73d..c729a7c 100644
--- a/install/tpl/amavisd_user_config.master
+++ b/install/tpl/amavisd_user_config.master
@@ -76,19 +76,24 @@
 $log_level = 0;                # (defaults to 0)
 
 $inet_socket_port = [10024,10026];
-$forward_method = 'smtp:[127.0.0.1]:10025';
-$notify_method = 'smtp:[127.0.0.1]:10027';
+
+# *:* = send to IP/HOST:incoming Port + 1
+$forward_method = 'smtp:*:*';
+$notify_method = 'smtp:*:*';
 $interface_policy{'10026'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {
   originating => 1,
   smtpd_discard_ehlo_keywords => ['8BITMIME'],
-  forward_method => 'smtp:[127.0.0.1]:10027',
 };
-@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
-192.168.0.0/16);
+
+# IP-Addresses for internal networks => load policy MYNETS
+# - requires -o smtp_send_xforward_command=yes in postfix master.cf
+@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [::1] [FE80::]/10 [FEC0::]/10);
+
+# Allow SMTP access from IPs in @inet_acl to amvisd SMTP Port
+@inet_acl = qw( 127.0.0.1 [::1] 192.168.0.0/16 );
 
 # DKIM
-
 $enable_dkim_verification = 1;
 $enable_dkim_signing = 1; # load DKIM signing code
 $signed_header_fields{'received'} = 0;  # turn off signing of Received
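Review bot: With `$forward_method = 'smtp:*:*'` and `$notify_method = 'smtp:*:*'` the reinjection target is no longer pinned to 127.0.0.1 but derived from the connecting peer and the incoming port, so where scanned mail and notifications go now depends on who is allowed to connect. `$notify_method` previously always used port 10027 and will now use 10025 for mail that arrived on 10024, so it is worth confirming that the 10025 listener in master.cf is suitable for notifications. The one-line comment would be clearer as `# '*:*' = reinject to the connecting client's address, on the port it connected to plus one (10024 -> 10025, 10026 -> 10027)`. The same applies to the gentoo template in the first hunk.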

--
Gitblit v1.9.1