diff --git a/deploy/ansible/playbooks/deploy-c3lf-sys3.yml b/deploy/ansible/playbooks/deploy-c3lf-sys3.yml index af5e9e8..679f85a 100644 --- a/deploy/ansible/playbooks/deploy-c3lf-sys3.yml +++ b/deploy/ansible/playbooks/deploy-c3lf-sys3.yml @@ -361,13 +361,6 @@ notify: - restart postfix - - name: configure rspamd dkim - template: - src: templates/rspamd-dkim.cf.j2 - dest: /etc/rspamd/local.d/dkim_signing.conf - notify: - - restart rspamd - - name: configure rspamd copy: content: | diff --git a/deploy/ansible/playbooks/templates/postfix.cf.j2 b/deploy/ansible/playbooks/templates/postfix.cf.j2 index ee073d6..f80d69b 100644 --- a/deploy/ansible/playbooks/templates/postfix.cf.j2 +++ b/deploy/ansible/playbooks/templates/postfix.cf.j2 @@ -37,6 +37,7 @@ alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = $myhostname, , localhost +relayhost = firefly.lab.or.it mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + diff --git a/deploy/ansible/playbooks/templates/rspamd-dkim.cf.j2 b/deploy/ansible/playbooks/templates/rspamd-dkim.cf.j2 deleted file mode 100644 index 0429a02..0000000 --- a/deploy/ansible/playbooks/templates/rspamd-dkim.cf.j2 +++ /dev/null @@ -1,79 +0,0 @@ -# local.d/dkim_signing.conf - -enabled = true; - -# If false, messages with empty envelope from are not signed -allow_envfrom_empty = true; - -# If true, envelope/header domain mismatch is ignored -allow_hdrfrom_mismatch = false; - -# If true, multiple from headers are allowed (but only first is used) -allow_hdrfrom_multiple = false; - -# If true, username does not need to contain matching domain -allow_username_mismatch = false; - -# Default path to key, can include '$domain' and '$selector' variables -path = "/var/lib/rspamd/dkim/$domain.$selector.key"; - -# Default selector to use -selector = "dkim"; - -# If false, messages from authenticated users are not selected for signing -sign_authenticated = true; - -# If false, messages from local networks are not selected for signing -sign_local = true; - -# Map file of IP addresses/subnets to consider for signing -# sign_networks = "/some/file"; # or url - -# Symbol to add when message is signed -symbol = "DKIM_SIGNED"; - -# Whether to fallback to global config -try_fallback = true; - -# Domain to use for DKIM signing: can be "header" (MIME From), "envelope" (SMTP From), "recipient" (SMTP To), "auth" (SMTP username) or directly specified domain name -use_domain = "header"; - -# Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth") -#use_domain_sign_networks = "header"; - -# Domain to use for DKIM signing when sender is a local IP ("header"/"envelope"/"auth") -#use_domain_sign_local = "header"; - -# Whether to normalise domains to eSLD -use_esld = true; - -# Whether to get keys from Redis -use_redis = false; - -# Hash for DKIM keys in Redis -key_prefix = "DKIM_KEYS"; - -# map of domains -> names of selectors (since rspamd 1.5.3) -#selector_map = "/etc/rspamd/dkim_selectors.map"; - -# map of domains -> paths to keys (since rspamd 1.5.3) -#path_map = "/etc/rspamd/dkim_paths.map"; - -# If `true` get pubkey from DNS record and check if it matches private key -check_pubkey = false; -# Set to `false` if you want to skip signing if public and private keys mismatch -allow_pubkey_mismatch = true; - -# Domain specific settings -domain { - # Domain name is used as key - {{ mail_domain }} { - - # Private key path - path = "/var/lib/rspamd/dkim/{{ mail_domain }}.key"; - - # Selector - selector = "ds"; - } -} -