Setup nftables for mailserver_postfix

2024-09-28 11:40:02 +02:00 · 2024-09-28 11:40:02 +02:00 · b933680621
commit b933680621
parent 0f6bc98576
3 changed files with 13 additions and 0 deletions
--- a/roles/mailserver_postfix/files/nftables/input.d/smtp-submission.conf
+++ b/roles/mailserver_postfix/files/nftables/input.d/smtp-submission.conf
@ -0,0 +1 @@
+tcp dport {25, 587} accept comment "Allow SMTP/submission from all"
--- a/roles/mailserver_postfix/meta/main.yml
+++ b/roles/mailserver_postfix/meta/main.yml
@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: setup_nftables
--- a/roles/mailserver_postfix/tasks/main.yml
+++ b/roles/mailserver_postfix/tasks/main.yml
@ -39,3 +39,11 @@
    group: root
    mode: "644"
  notify: Restart postfix service
+
+- name: Allow incoming SMTP/submission
+  become: true
+  ansible.builtin.copy:
+    src: nftables/input.d/smtp-submission.conf
+    dest: /etc/nftables/input.d/smtp-submission.conf
+    mode: 0640
+  notify: Reload nftables service
				`@ -0,0 +1 @@`
				`tcp dport {25, 587} accept comment "Allow SMTP/submission from all"`