137 lines
5.8 KiB
YAML
137 lines
5.8 KiB
YAML
---
|
||
interfaces:
|
||
adm: eth0
|
||
srv: eth1
|
||
|
||
postfix:
|
||
primary: true
|
||
secondary: false
|
||
public: true
|
||
dkim: true
|
||
titanic: false
|
||
|
||
loc_certbot:
|
||
- mail: root@crans.org
|
||
certname: crans.org
|
||
domains: "*.adm.crans.org, *.crans.org"
|
||
|
||
loc_service_certbot:
|
||
config:
|
||
"crans.org":
|
||
zone: _acme-challenge.crans.org
|
||
server: 172.16.10.147
|
||
port: 53
|
||
key:
|
||
name: certbot_challenge.
|
||
secret: "{{ vault.certbot_dns_secret }}"
|
||
algorithm: HMAC-SHA512
|
||
"adm.crans.org":
|
||
zone: _acme-challenge.adm.crans.org
|
||
server: 172.16.10.147
|
||
port: 53
|
||
key:
|
||
name: certbot_adm_challenge.
|
||
secret: "{{ vault.certbot_adm_dns_secret }}"
|
||
algorithm: HMAC-SHA512
|
||
|
||
postfix:
|
||
hostname: redisdead.crans.org
|
||
shortname: redisdead
|
||
domain: crans.org
|
||
origin: crans.org
|
||
my_networks: "185.230.79.0/26, 172.16.3.0/24, 172.16.10.0/24, 185.230.78.0/24, 100.64.0.0/16, [2a0c:700:2::]/64, [2a0c:700:3::]/64, [fd00:0:0:10::]/64, [2a0c:700:12::]/64, [2a0c:700:13::]/64"
|
||
destination: "$mydomain, crans.ens-cachan.fr, clubs.ens-cachan.fr, install-party.ens-cachan.fr, crans.fr, crans.eu"
|
||
relay: "lists.$mydomain"
|
||
transport:
|
||
- method: smtp
|
||
comment: "Les mailing-listes sont délivrées localement"
|
||
params: "[172.16.10.110]"
|
||
targets: [lists.crans.org]
|
||
- method: smtp
|
||
comment: "Les mails sont délivrés par le serveur des adhérents"
|
||
params: "[172.16.10.31]"
|
||
targets: [crans.org, crans.eu, crans.fr, crans.ens-cachan.fr, clubs.ens-cachan.fr, install-party.ens-cachan.fr]
|
||
- method: slow
|
||
comment: "Microsoft nique ta mère :'("
|
||
params: "[172.16.10.32]"
|
||
targets: [hotmail.com, hotmail.fr, outlook.com, outlook.fr, live.com, live.fr, live.it]
|
||
- method: slow
|
||
comment: "SMTP relous"
|
||
targets: [wanadoo.com, wanadoo.fr, orange.com, orange.fr, ens-cachan.fr, ens-paris-saclay.fr, free.fr, laposte.net]
|
||
aliases: /var/local/services/mail/generated/aliases
|
||
virtual: /var/local/services/mail/generated/virtual
|
||
tls:
|
||
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
|
||
key: /etc/letsencrypt/live/crans.org/privkey.pem
|
||
sasl: true
|
||
smtp:
|
||
sender_login_maps:
|
||
- {entry: "@crans.org", owner: root}
|
||
- {entry: "@crans.fr", owner: root}
|
||
- {entry: "@crans.eu", owner: root}
|
||
submission:
|
||
sasl:
|
||
path: inet:172.16.10.126:4242
|
||
sender_login_maps: hash:/var/local/services/mail/generated/loginmap
|
||
policy: true
|
||
mime_header_checks:
|
||
- regex: '/^[ ]*(Content-Type:.*)?(Content-Disposition:.*)?(filename|name)=\"?(.*)\.(exe|com|pif|bat|scr|vbs|chm|cpl)\"?[ ]*$/'
|
||
action: 'REJECT Content blocked : possible Virus are rejected. Please change filename extension of attachement "$4.$5" and resend mail.'
|
||
# - regex: '[ ]*(Content-Type:.*)?(Content-Disposition:.*)?(filename|name)=\"?(.*)\.(com|pif|bat|scr|vbs|chm)\"?[ ]*$/'
|
||
action: 'REJECT Content blocked : possible Virus are rejected. Please change filename extension of attachement "$4.$5" and resend mail.'
|
||
milter: true
|
||
postscreen:
|
||
- comment: "Nice peoples"
|
||
verdict: permit
|
||
targets: ["127.0.0.1","185.230.76.0/22","185.230.79.40","172.16.10.0/24","82.225.39.54","91.121.179.40","46.105.102.188","fd00:0:0:10::/64","fd00:0:0:11::/64","2a0c:700:0:2::/64","2a0c:700:0:3::/64","2a0c:700:0:12::/64","2a0c:700:0:13::/64","2a0c:700:0:21::/64","2a0c:700:0:22::/64","2a0c:700:0:23::/64","2a0c:700:0:24::/64","2a0c:700:2::ff:fe01:1002"]
|
||
- comment: "ecommercant qui remplace offrespourlespros, qui spammait le 29/05/2015"
|
||
verdict: reject
|
||
targets: ["149.202.29.192/28","37.187.141.230","2001:41d0:a:4ce6::/64"]
|
||
- comment: "gboxyw.net (reverse wasnh.net) le 05/11/2015, devenu vorange.net, vous le sentez le spam qui vient ?"
|
||
verdict: reject
|
||
targets: ["37.187.132.105","92.222.109.0/27"]
|
||
- comment: "mail.alkar.net spam le 26/06/2016"
|
||
verdict: reject
|
||
targets: ["195.248.191.95"]
|
||
- comment: "mail.testfast.eu spam en juin 2016"
|
||
verdict: reject
|
||
targets: ["176.20.27.0/24"]
|
||
- comment: "Spam depuis des adresses en .ua"
|
||
verdict: reject
|
||
targets: ["91.194.84.10","213.186.200.70","185.117.89.15","62.141.42.44"]
|
||
- comment: "installio.co.ua"
|
||
verdict: reject
|
||
targets: ["217.79.181.5"]
|
||
- comment: Scam
|
||
verdict: reject
|
||
targets: ["180.137.106.59","169.255.7.5","110.159.122.90","37.104.198.10","46.62.146.206"]
|
||
- comment: "Spam alcoolisme 16/09/2018"
|
||
verdict: reject
|
||
targets: ["46.249.59.89"]
|
||
- comment: 'Spam "Pastoral shit"'
|
||
verdict: reject
|
||
targets: ["198.84.107.98","198.84.74.66","104.168.178.132","104.168.178.156","158.69.253.33"]
|
||
- comment: "Spam overdue payment"
|
||
verdict: reject
|
||
targets: ["193.56.28.114"]
|
||
- comment: "Non, nous ne voulons pas traiter l'alcoolisme à l'insu du patient."
|
||
verdict: reject
|
||
targets: ["94.242.206.15","91.188.222.33"]
|
||
- comment: "Et les russes ils dégagent aussi"
|
||
verdict: reject
|
||
targets: ["185.50.149.0/24"]
|
||
- comment: "2021/11/13: vague de spam"
|
||
verdict: reject
|
||
targets: ["139.162.150.93","130.255.78.23","85.171.248.149","37.59.38.218"]
|
||
recipient_access:
|
||
- {entry: "crans@crans.fr", action: "REJECT Le Crans se fiche du basket. Veuillez supprimer l'adresse crans@crans.fr de votre carnet."}
|
||
- {entry: "crans.org", action: OK}
|
||
- {entry: "crans.fr", action: OK}
|
||
- {entry: "crans.eu", action: OK}
|
||
client_checks:
|
||
- {entry: 185.50.149.0/24, action: REJECT Spammers are not welcome here!}
|
||
- {entry: 74.201.31.175, action: REJECT Spammers are not welcome here!}
|
||
- {entry: 109.237.103.41, action: REJECT Spammers are not welcome here!}
|
||
- {entry: 185.230.79.0/24, action: ACCEPT Coucou les serveurs du crans}
|
||
client_event_limit_exceptions: "172.16.10.0/24, [fd00:0:0:10::]/64, 185.230.79.0/26, [2a0c:700:2::]/64"
|