From b933680621cc0c6f2e395abd7bfb7be8e2b9069f Mon Sep 17 00:00:00 2001
From: Tunui Franken
Date: Sat, 28 Sep 2024 11:40:02 +0200
Subject: [PATCH] Setup nftables for mailserver_postfix
---
 .../files/nftables/input.d/smtp-submission.conf | 1 +
 roles/mailserver_postfix/meta/main.yml | 4 ++++
 roles/mailserver_postfix/tasks/main.yml | 8 ++++++++
 3 files changed, 13 insertions(+)
 create mode 100644 roles/mailserver_postfix/files/nftables/input.d/smtp-submission.conf
 create mode 100644 roles/mailserver_postfix/meta/main.yml
diff --git a/roles/mailserver_postfix/files/nftables/input.d/smtp-submission.conf b/roles/mailserver_postfix/files/nftables/input.d/smtp-submission.conf
new file mode 100644
index 0000000..1cf888d
--- /dev/null
+++ b/roles/mailserver_postfix/files/nftables/input.d/smtp-submission.conf
@@ -0,0 +1 @@
+tcp dport {25, 587} accept comment "Allow SMTP/submission from all"
diff --git a/roles/mailserver_postfix/meta/main.yml b/roles/mailserver_postfix/meta/main.yml
new file mode 100644
index 0000000..0b0dbbe
--- /dev/null
+++ b/roles/mailserver_postfix/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - role: setup_nftables
diff --git a/roles/mailserver_postfix/tasks/main.yml b/roles/mailserver_postfix/tasks/main.yml
index 35709f9..621188e 100644
--- a/roles/mailserver_postfix/tasks/main.yml
+++ b/roles/mailserver_postfix/tasks/main.yml
@@ -39,3 +39,11 @@
 group: root
 mode: "644"
 notify: Restart postfix service
+
+- name: Allow incoming SMTP/submission
+ become: true
+ ansible.builtin.copy:
+ src: nftables/input.d/smtp-submission.conf
+ dest: /etc/nftables/input.d/smtp-submission.conf
+ mode: 0640
+ notify: Reload nftables service
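Review bot: The single rule in smtp-submission.conf accepts port 587 from any source with the same unconditional `accept` as port 25, so the firewall does nothing to narrow exposure of the authenticated submission service and everything rests on Postfix. The submission listener's settings are not part of this patch, so it is worth confirming that master.cf sets `smtpd_tls_security_level=encrypt` and `smtpd_sasl_auth_enable=yes` for it and rejects unauthenticated clients. I would also write one rule per port, each with its own comment, so that a later per-source connection limit on 587 can be added without touching the port 25 rule.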
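Review bot: `mode: 0640` in the new copy task is an unquoted octal, while the task just above it in the same file writes `mode: "644"`; quote it as `mode: "0640"` so the result never depends on how the YAML loader treats a leading zero. The task also sets no `owner` or `group`, unlike the preceding task's `group: root`; adding `owner: root` and `group: root` makes the ownership of a firewall fragment explicit rather than a side effect of `become`. The `Reload nftables service` handler is not defined in the visible lines and presumably comes from the `setup_nftables` dependency added in meta/main.yml, which is worth confirming. The three context lines at the top of the hunk belong to a task that starts outside it.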