From 709b968d98f4b78ba342dc20cb2d0368d054eb0f Mon Sep 17 00:00:00 2001 From: Benjamin Graillot Date: Fri, 24 Jan 2020 09:13:15 +0100 Subject: [PATCH] [postfix] Added role to install postfix --- network.yml | 12 + roles/postfix/tasks/main.yml | 28 ++ roles/postfix/templates/postfix/main.cf.j2 | 250 ++++++++++++++++++ roles/postfix/templates/postfix/master.cf.j2 | 143 ++++++++++ .../templates/postfix/mime_header_checks.j2 | 8 + .../postfix/postscreen_access.cidr.j2 | 61 +++++ .../templates/postfix/recipient_access.j2 | 4 + .../templates/postfix/sasl/smtpd.conf.j2 | 2 + .../templates/postfix/sender_login_maps.j2 | 3 + roles/postfix/templates/postfix/transport.j2 | 27 ++ 10 files changed, 538 insertions(+) create mode 100644 roles/postfix/tasks/main.yml create mode 100644 roles/postfix/templates/postfix/main.cf.j2 create mode 100644 roles/postfix/templates/postfix/master.cf.j2 create mode 100644 roles/postfix/templates/postfix/mime_header_checks.j2 create mode 100644 roles/postfix/templates/postfix/postscreen_access.cidr.j2 create mode 100644 roles/postfix/templates/postfix/recipient_access.j2 create mode 100644 roles/postfix/templates/postfix/sasl/smtpd.conf.j2 create mode 100644 roles/postfix/templates/postfix/sender_login_maps.j2 create mode 100644 roles/postfix/templates/postfix/transport.j2 diff --git a/network.yml b/network.yml index b96909f2..dd53051f 100644 --- a/network.yml +++ b/network.yml @@ -68,3 +68,15 @@ roles: - quagga-ipv6 +# Deploy postfix on mail servers +- hosts: titanic.adm.crans.org + vars: + postfix: + primary: false + secondary: true + public: true + dkim: true + mailman: false + titanic: true + roles: + - postfix diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml new file mode 100644 index 00000000..baf09330 --- /dev/null +++ b/roles/postfix/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: Install postfix + apt: + update_cache: true + name: + - postfix + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Deploy postfix configuration + template: + src: postfix/{{ item }}.j2 + dest: /etc/postfix/{{ item }} + mode: 0644 + owner: root + group: root + loop: + - main.cf + - master.cf + - transport + - mime_header_checks + - recipient_access + - sender_login_maps + - postscreen_access.cidr + - sasl/smtpd.conf +# - canonical +# - virtual diff --git a/roles/postfix/templates/postfix/main.cf.j2 b/roles/postfix/templates/postfix/main.cf.j2 new file mode 100644 index 00000000..d4b299c4 --- /dev/null +++ b/roles/postfix/templates/postfix/main.cf.j2 @@ -0,0 +1,250 @@ +# {{ ansible_managed }} +# Fichier de configuration principal de postfix. + +# +------------------+ +# | Variables utiles | +# +------------------+ + +# Definition par securite (sinon il utilise gethostname) +myhostname = {{ ansible_hostname }}.crans.org +mydomain = crans.org +# Origine des mails +myorigin = crans.org +# Reseaux locaux +mynetworks = 127.0.0.0/8, [::1]/128 +{% if postfix.primary or postfix.secondary %} + 138.231.136.0/21, 185.230.79.0/24, 185.230.77.0/24, 185.230.76.0/24, 185.230.78.0/24, 10.53.0.0/19, 10.54.0.0/19, [2a0c:700:0:1::]/64, [2a0c:700:0:22::]/64, [2a0c:700:0:21::]/64, [2a0c:700:0:23::]/64, [2a0c:700:0:24::]/64, 10.231.136.0/24, [2a0c:700:0:2::]/64 +{% else %} + 10.231.136.0/24, [2a0c:700:0:2::]/64 +{% endif %} +# Destinations acceptees +mydestination = {{ ansible_hostname }}, $myhostname, localhost, localhost.$mydomain +{% if postfix.primary or not postfix.secondary %} + $mydomain, crans.ens-cachan.fr, clubs.ens-cachan.fr, install-party.ens-cachan.fr, crans.fr, crans.eu +{% endif %} +# Domaine relaye par ce MX +relay_domains = $mydestination +{% if postfix.mailman %} + lists.$mydomain +{% endif %} +{% if postfix.secondary %} + $mydomain, crans.ens-cachan.fr, clubs.ens-cachan.fr, install-party.ens-cachan.fr, crans.fr, crans.eu +{% endif %} +{% if postfix.public %} + lists.$mydomain +{% endif %} +{% if postfix.mailman %} +relay_recipient_maps = + hash:/var/local/re2o-services/mail-server/generated/virtual + hash:/var/lib/mailman/data/virtual-mailman +mailman_destination_recipient_limit = 1 +{% endif %} +# Etre notifie ou non de l'arrive de nouveaux mails +{% if postfix.primary or postfix.secondary %} +biff = no +{% else %} +biff = yes +{% endif %} +# Pour pouvoir tester sans tout casser, on active les soft bounces. +# Ca permet aux mails de ne pas etre bounces en cas d'erreur, mais +# a la place, de renvoyer une erreur non permanente. En production +# il faut enlever ca. +soft_bounce = no + +smtpd_reject_unlisted_sender = yes +{% if not postfix.primary and not postfix.secondary %} +# On delivre dans des maildir +mail_spool_directory = /home/mail/ +{% endif %} +# +--------+ +# | Divers | +# +--------+ +# Delais pour les warnings +delay_warning_time = 24h +# Esthetisme +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +# Par ou passer (notement pour la distrtibution des adresse +# locales par le serveur des adherents) +transport_maps = hash:/etc/postfix/transport +# Une infinite d'adresses mail par personne +recipient_delimiter = + +# +-----------------+ +# | Bases d'adresse | +# +-----------------+ +# Les fichiers d'alias (pour newaliases) +alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases +alias_maps = $alias_database +# On prend aussi en compte les utilisateurs de /etc/passwd +local_recipient_maps = $alias_maps unix:passwd.byname +# Les anciennes ML @crans.org, @crans.ens-cachan.fr -> @lists.crans.org +virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual + +# +-------------+ +# | TLS et SASL | +# +-------------+ + +# TLS pour la reception +smtpd_use_tls=yes +smtpd_tls_security_level=may +smtpd_tls_cert_file=/etc/ssl/certs/smtp.pem +smtpd_tls_key_file=/etc/ssl/private/smtp.pem +smtpd_tls_loglevel=0 +smtpd_tls_received_header=yes + +# On utilise aussi TLS pour envoyer les mails +smtp_use_tls=yes +smtp_tls_security_level=may +smtp_tls_loglevel=1 +smtp_tls_cert_file= +smtp_tls_key_file= +smtp_tls_CApath=/etc/ssl/certs/ + + +# On cache les sessions TLS car elles sont couteuses. +smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache +smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache + +tls_random_source=dev:/dev/urandom + +# Auth que si tls pour eviter des pass en clair sur le reseau +smtpd_tls_auth_only=yes +# Authentification SASL pour relayer du mail +smtpd_sasl_auth_enable=yes + +# +--------------------------+ +# | Filtrages et limitations | +# +--------------------------+ + +{% if postfix.public %} +smtpd_helo_required = yes +smtpd_helo_restrictions = permit_mynetworks + reject_invalid_helo_hostname + reject_non_fqdn_helo_hostname +{% endif %} +## Limitation des messages envoyés par minute +# On n'ignore que les messages venant d'adresses "protégées" +smtpd_client_event_limit_exceptions = local_networks + 10.231.136.0/24, [2a0c:700:0:2::]/64 + # we remove the smtpd_access_maps, so that crans.org in the recipient_access does not capture subdomains +parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains + +# On limite à 10 messages par minute +smtpd_client_message_rate_limit = 10 + +{% if postfix.public %} +smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps +{% endif %} +## Filtrage au MAIL FROM +smtpd_sender_restrictions = permit_mynetworks +{% if postfix.public %} +# Si pas authentifié pour un domaine de smtpd_sender_login_maps +# on dégage. Si authentifié, on envoit même si c'est du spoof +# interne. + reject_unauthenticated_sender_login_mismatch +{% endif %} + reject_non_fqdn_sender + reject_unknown_sender_domain + +## Dit à postfix de jeter toute socket vers un serveur de policy après une +## utilisation. Il en recrée donc une nouvelle, ce qui permet d'éviter +## qu'un service de policy droppant silencieusement ses sockets ralentisse +## postfix. C'est un palliatif en attendant de corriger ratelimit/policy +smtpd_policy_service_request_limit = 1 +## Filtrage au RCPT TO +smtpd_recipient_restrictions = +{% if postfix.primary %} +# Test avec policyd-rate-limit pour limiter le nombre de mails par utilisateur SASL + check_policy_service unix:ratelimit/policy +{% endif %} +# permet si le client est dans le reseau local + permit_mynetworks +# rejette les recipients sans nom de domaine totalement qualifie + reject_non_fqdn_recipient +{% if postfix.public %} +# permet si le client est authentifie + permit_sasl_authenticated +{% endif %} +# rejette les destinations non locales + reject_unauth_destination +{% if postfix.public %} +# accepte si on est sur un destinaire en @crans + check_recipient_access hash:/etc/postfix/recipient_access +# pour les @lists.crans.org, accepte si la greylist est d'accord + check_policy_service inet:127.0.0.1:2501 +{% endif %} +# jette le reste + +{% if postfix.primary %} +#smtpd_end_of_data_restrictions=check_policy_service inet:127.0.0.1:10031 +{% endif %} +# Tailles maximales : 20Mo pour les msgs et 75 pour les mbox +message_size_limit = 20971520 +mailbox_size_limit = 78643000 +# Obligation de specifier le nom de domaine complet +{% if postfix.secondary %} +append_dot_mydomain = yes +{% else %} +append_dot_mydomain = no +{% endif %} +#Ajout de cyrus pour l'authentification SMTP +smtpd_sasl_type = cyrus +# Pieces jointes +mime_header_checks = regexp:/etc/postfix/mime_header_checks +# Transport slow +slow_destination_recipient_limit = 20 +slow_destination_concurrency_limit = 2 +{% if postfix.dkim %} + +# Filtrage mail +milter_protocol = 2 +milter_default_action = accept +smtpd_milters = inet:localhost:12301 +non_smtpd_milters = inet:localhost:12301 + +{% endif %} +{% if postfix.titanic %} +relayhost = [soyouz.adm.crans.org]:25 +{% endif %} +{% if postfix.primary or postfix.secondary %} +# PostScreen configuration +# Access List +postscreen_access_list = cidr:/etc/postfix/postscreen_access.cidr +## Tu es blacklisté ? VTFF +postscreen_blacklist_action = drop + +# Bannière d'accueil multi valuée +postscreen_greet_banner = Bienvenue au crans, veuillez patienter quelques secondes. +## On droppe. +postscreen_greet_action = drop +# RBL, le retour +postscreen_dnsbl_sites = + zen.spamhaus.org*2 + dnsbl.inps.de*2 + b.barracudacentral.org*2 + dnsbl-2.uceprotect.net*2 + bl.spameatingmonkey.net + bl.spamcop.net + dnsbl.sorbs.net + psbl.surriel.com + bl.mailspike.net + swl.spamhaus.org*-2 + list.dnswl.org=127.[0..255].[0..255].0*-1 + list.dnswl.org=127.[0..255].[0..255].1*-2 + list.dnswl.org=127.[0..255].[0..255].[2..255]*-3 + +# Score >= 4 ? Bye bye +postscreen_dnsbl_threshold = 4 +postscreen_dnsbl_action = enforce + +## Désactivé, pour éviter le fake greylisting de postscreen. +## Décommenter en cas de spam trop important. +## Filtre utilisé par postfix, mis en amont via postscreen +#postscreen_non_smtp_command_enable = yes +#postscreen_non_smtp_command_action = enforce +# +#postscreen_bare_newline_enable = yes +#postscreen_bare_newline_action = enforce +# +#postscreen_pipelining_enable = yes +#postscreen_pipelining_action = enforce +{% endif %} diff --git a/roles/postfix/templates/postfix/master.cf.j2 b/roles/postfix/templates/postfix/master.cf.j2 new file mode 100644 index 00000000..f979e4fa --- /dev/null +++ b/roles/postfix/templates/postfix/master.cf.j2 @@ -0,0 +1,143 @@ +# {{ ansible_managed }} +# Fichier de configuration des démons de postfix. + +# +------------------------+ +# | Utils pour le template | +# +------------------------+ +# Postfix master process configuration file. Each line describes how +# a mailer component program should be run. The fields that make up +# each line are described below. A "-" field value requests that a +# default value be used for that field. +# +# Service: any name that is valid for the specified transport type +# (the next field). With INET transports, a service is specified as +# host:port. The host part (and colon) may be omitted. Either host +# or port may be given in symbolic form or in numeric form. Examples +# for the SMTP server: localhost:smtp receives mail via the loopback +# interface only; 10025 receives mail on port 10025. +# +# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain +# sockets, "fifo" for named pipes. +# +# Private: whether or not access is restricted to the mail system. +# Default is private service. Internet (inet) sockets can't be private. +# +# Unprivileged: whether the service runs with root privileges or as +# the owner of the Postfix system (the owner name is controlled by the +# mail_owner configuration variable in the main.cf file). +# +# Chroot: whether or not the service runs chrooted to the mail queue +# directory (pathname is controlled by the queue_directory configuration +# variable in the main.cf file). Presently, all Postfix daemons can run +# chrooted, except for the pipe, virtual and local delivery daemons. +# The files in the examples/chroot-setup subdirectory describe how +# to set up a Postfix chroot environment for your type of machine. +# +# Wakeup time: automatically wake up the named service after the +# specified number of seconds. A ? at the end of the wakeup time +# field requests that wake up events be sent only to services that +# are actually being used. Specify 0 for no wakeup. Presently, only +# the pickup, queue manager and flush daemons need a wakeup timer. +# +# Max procs: the maximum number of processes that may execute this +# service simultaneously. Default is to use a globally configurable +# limit (the default_process_limit configuration parameter in main.cf). +# Specify 0 for no process count limit. +# +# Command + args: the command to be executed. The command name is +# relative to the Postfix program directory (pathname is controlled by +# the program_directory configuration variable). Adding one or more +# -v options turns on verbose logging for that service; adding a -D +# option enables symbolic debugging (see the debugger_command variable +# in the main.cf configuration file). See individual command man pages +# for specific command-line options, if any. +# +# In order to use the "uucp" message tranport below, set up entries +# in the transport table. +# +# In order to use the "cyrus" message transport below, configure it +# in main.cf as the mailbox_transport. +# +# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS. +# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL. +# +# DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR +# POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD +# +# DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL +# DELIVER MAIL MULTIPLE TIMES. +# +# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (yes) (never) (50) +# ========================================================================== +{% if postfix.primary or postfix.secondary %} +smtp inet n - - - 1 postscreen +smtpd pass - - - - - smtpd +{% else %} +smtp inet n - - - - smtpd +{% endif %} +{% if postfix.primary or postfix.secondary %} +dnsblog unix - - - - 0 dnsblog +{% endif %} +{% if postfix.primary %} +submission inet n - - - - smtpd + -o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject + -o milter_macro_daemon_name=ORIGINATING +smtps inet n - - - - smtpd + -o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject +{% endif %} +#628 inet n - - - - qmqpd +pickup fifo n - - 60 1 pickup +cleanup unix n - - - 0 cleanup +qmgr fifo n - - 300 1 qmgr +rewrite unix - - - - - trivial-rewrite +bounce unix - - - - 0 bounce +defer unix - - - - 0 bounce +trace unix - - - - 0 bounce +verify unix - - - - 1 verify +flush unix n - - 1000? 0 flush +proxymap unix - - n - - proxymap +smtp unix - - - - - smtp +relay unix - - - - - smtp +{% if postfix.primary %} + -o fallback_relay= +{% endif %} +showq unix n - - - - showq +error unix - - - - - error +retry unix - - - - - error +discard unix - - - - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - 5 lmtp +anvil unix - - - - 1 anvil +scache unix - - - - 1 scache +slow unix - - n - 1 smtp +# +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# The Cyrus deliver program has changed incompatibly. +# +cyrus unix - n n - - pipe + flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m $${extension} $${user} +uucp unix - n n - - pipe + flags=Fqhu user=uucp argv=uux -r -n -z -a$$sender - $$nexthop!rmail ($$recipient) +ifmail unix - n n - - pipe + flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $$nexthop ($$recipient) +bsmtp unix - n n - - pipe + flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$$nexthop -f$$sender $$recipient +scalemail-backend unix - n n - 2 pipe + flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store $${nexthop} $${user} $${extension} +# only used by postfix-tls +tlsmgr unix - - n 300 1 tlsmgr +{% if postfix.mailman %} +mailman unix - n n - - pipe + flags=FR user=list + argv=/var/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} +{% endif %} diff --git a/roles/postfix/templates/postfix/mime_header_checks.j2 b/roles/postfix/templates/postfix/mime_header_checks.j2 new file mode 100644 index 00000000..c5e47193 --- /dev/null +++ b/roles/postfix/templates/postfix/mime_header_checks.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# Filtrage des fichiers envoyes en piece jointe. + +# La version hard (s'il n'y a pas d'antivirus, ou pour le dernier virus a la mode) +/^[ ]*(Content-Type:.*)?(Content-Disposition:.*)?(filename|name)=\"?(.*)\.(exe|com|pif|bat|scr|vbs|chm|cpl)\"?[ ]*$/ REJECT Content blocked : possible Virus are rejected. Please change filename extension of attachement "$4.$5" and resend mail. + +# La version soft : +#/^[ ]*(Content-Type:.*)?(Content-Disposition:.*)?(filename|name)=\"?(.*)\.(com|pif|bat|scr|vbs|chm)\"?[ ]*$/ REJECT Content blocked : possible Virus are rejected. Please change filename extension of attachement "$4.$5" and resend mail. diff --git a/roles/postfix/templates/postfix/postscreen_access.cidr.j2 b/roles/postfix/templates/postfix/postscreen_access.cidr.j2 new file mode 100644 index 00000000..65a8c8c3 --- /dev/null +++ b/roles/postfix/templates/postfix/postscreen_access.cidr.j2 @@ -0,0 +1,61 @@ +# {{ ansible_managed }} + +127.0.0.1 permit +138.231.0.0/16 permit +185.230.76.0/22 permit +10.231.136.0/24 permit +82.225.39.54 permit +91.121.179.40 permit +46.105.102.188 permit +2a0c:700:0:1::/64 permit +2a0c:700:0:2::/64 permit +2a0c:700:0:21::/64 permit +2a0c:700:0:22::/64 permit +2a0c:700:0:23::/64 permit +2a0c:700:0:24::/64 permit + +# ecommercant qui repmplace offrespourlespros, qui spammait le le 29/05/2015 +149.202.29.192/28 reject +37.187.141.230 reject +2001:41d0:a:4ce6::/64 reject +# gboxyw.net (reverse wasnh.net) le 05/11/2015, devenu vorange.net, vous le sentez le spam qui vient ? +37.187.132.105 reject +92.222.109.0/27 reject + +# mail.alkar.net spam le 26/06/2016 +195.248.191.95 reject + +# mail.testfast.eu spam en juin 2016 +176.20.27.0/24 reject + +# Spam depuis des adresses en .ua +91.194.84.10 reject +213.186.200.70 reject +185.117.89.15 reject +62.141.42.44 reject +# installio.co.ua +217.79.181.5 reject + +# Scam +180.137.106.59 reject +169.255.7.5 reject +110.159.122.90 reject +37.104.198.10 reject +46.62.146.206 reject + +# Spam alcoolisme 16/09/2018 +46.249.59.89 reject + +# Spam "Pastoral shit" +198.84.107.98 reject +198.84.74.66 reject +104.168.178.132 reject +104.168.178.156 reject +158.69.253.33 reject + +# Spam overdue payment +193.56.28.114 reject + +# Non, nous ne voulons pas traiter l'alcoolisme à l'insu du patient. +94.242.206.15 reject +91.188.222.33 reject diff --git a/roles/postfix/templates/postfix/recipient_access.j2 b/roles/postfix/templates/postfix/recipient_access.j2 new file mode 100644 index 00000000..90613c97 --- /dev/null +++ b/roles/postfix/templates/postfix/recipient_access.j2 @@ -0,0 +1,4 @@ +crans@crans.fr REJECT Le Crans se fiche du basket. Veuillez supprimer l'adresse crans@crans.fr de votre carnet. +crans.org OK +crans.fr OK +crans.eu OK diff --git a/roles/postfix/templates/postfix/sasl/smtpd.conf.j2 b/roles/postfix/templates/postfix/sasl/smtpd.conf.j2 new file mode 100644 index 00000000..18d73088 --- /dev/null +++ b/roles/postfix/templates/postfix/sasl/smtpd.conf.j2 @@ -0,0 +1,2 @@ +pwcheck_method: saslauthd +mech_list: plain login diff --git a/roles/postfix/templates/postfix/sender_login_maps.j2 b/roles/postfix/templates/postfix/sender_login_maps.j2 new file mode 100644 index 00000000..fa11fa88 --- /dev/null +++ b/roles/postfix/templates/postfix/sender_login_maps.j2 @@ -0,0 +1,3 @@ +@crans.org root +@crans.fr root +@crans.eu root diff --git a/roles/postfix/templates/postfix/transport.j2 b/roles/postfix/templates/postfix/transport.j2 new file mode 100644 index 00000000..2e44b92a --- /dev/null +++ b/roles/postfix/templates/postfix/transport.j2 @@ -0,0 +1,27 @@ +# {{ ansible_managed }} +# Transport des mails + +{% if postfix.mailman %} +# Les mailing-listes sont delivrees localement +lists.crans.org mailman: +{% else %} +lists.crans.org smtp:[lists.adm.crans.org] +{% endif %} +{% if postfix.primary or postfix.secondary %} +# C'est le serveur des adherents qui fait les livraisons des +# adresses clubs et adherents +crans.org smtp:[users.adm.crans.org] +crans.ens-cachan.fr smtp:[users.adm.crans.org] +install-party.ens-cachan.fr smtp:[users.adm.crans.org] +clubs.ens-cachan.fr smtp:[users.adm.crans.org] +crans.eu smtp:[users.adm.crans.org] +crans.fr smtp:[users.adm.crans.org] +{% endif %} +# SMTP relous +wanadoo.com slow: +wanadoo.fr slow: +orange.com slow: +orange.fr slow: +ens-cachan.fr slow: +free.fr slow: +laposte.net slow: