diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index b0d6457355..46f8ba29a7 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -97,6 +97,9 @@
 - name: rebuild postfix transport
 command: /usr/sbin/postmap /etc/postfix/transport
+- name: rebuild postfix bysender
+ command: /usr/sbin/postmap /etc/postfix/bysender
+
 - name: rebuild postfix tls_policy
 command: /usr/sbin/postmap /etc/postfix/tls_policy
diff --git a/roles/base/files/postfix/bysender b/roles/base/files/postfix/bysender
new file mode 100644
index 0000000000..19fedeffab
--- /dev/null
+++ b/roles/base/files/postfix/bysender
@@ -0,0 +1 @@
+@redhat.com [mx2.redhat.com]
diff --git a/roles/base/files/postfix/main.cf/main.cf.gateway b/roles/base/files/postfix/main.cf/main.cf.gateway
index d5a30bb840..90f6a3a17a 100644
--- a/roles/base/files/postfix/main.cf/main.cf.gateway
+++ b/roles/base/files/postfix/main.cf/main.cf.gateway
@@ -773,3 +773,8 @@ message_size_limit = 20971520
 # At least one is required to receive email
 smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
+#
+# here we send emails _from_ redhat.com addresses back out the redhat.com mx
+# This avoids us sending them and causing SPF failures.
+# It depends on them allowing us to relay email out.
+sender_dependent_relayhost_maps = hash:/etc/postfix/bysender
diff --git a/roles/base/tasks/postfix.yml b/roles/base/tasks/postfix.yml
index 3272cb4c06..7e419c5097 100644
--- a/roles/base/tasks/postfix.yml
+++ b/roles/base/tasks/postfix.yml
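Review bot: In roles/base/files/postfix/bysender, the entry `@redhat.com [mx2.redhat.com]` makes `[mx2.redhat.com]` the next hop for mail with a redhat.com envelope sender, and Postfix looks up `smtp_tls_policy_maps` by next hop, so per-recipient-domain entries in /etc/postfix/tls_policy would presumably no longer match that mail. The tls_policy file is not visible in this diff, so this needs checking; if a specific TLS level is expected towards the relay, the entry that would match is one keyed exactly as `[mx2.redhat.com]`. A header comment in the map would also help the next maintainer, e.g. `# envelope sender pattern -> relay; [brackets] disable MX lookup, default port 25`.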
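Review bot: The new `sender_dependent_relayhost_maps` line in main.cf.gateway selects the relay from the envelope sender, which a gateway does not authenticate, and the comment above it does not say so. As written, any message leaving through the default transport with a redhat.com MAIL FROM, forwarded or list mail included, is handed to the redhat.com MX rather than only mail that originates here; entries in transport_maps would still take precedence. The comment already records the dependency on that MX accepting relay, and one more line on the failure mode would complete it, e.g. `# If the redhat.com MX refuses to relay, this mail is deferred or bounced, not delivered directly.`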
@@ -71,6 +71,17 @@
 - base
 - config
+- name: install /etc/postfix/bysender file
+ copy: src="postfix/bysender" dest=/etc/postfix/bysender
+ when: inventory_hostname.startswith(('bastion')) and env != 'staging'
+ notify:
+ - rebuild postfix bysender
+ - restart postfix
+ tags:
+ - postfix
+ - base
+ - config
+
 - name: create /etc/postfix/tls_policy
 copy: src="postfix/tls_policy" dest=/etc/postfix/tls_policy
 when: inventory_hostname.startswith(('bastion','smtp-mm','pagure')) and env != 'staging'
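Review bot: The `when:` on the new "install /etc/postfix/bysender file" task restricts the map to non-staging bastion hosts, while main.cf.gateway in this same commit references `hash:/etc/postfix/bysender` unconditionally. If main.cf.gateway is also deployed to a host this condition excludes (a staging bastion seems the likely case, though the task that installs main.cf is not visible here), Postfix would be pointed at a map that was never installed or built. Either align the two conditions or state on the task which hosts receive main.cf.gateway. Separately, `('bastion')` is a plain string, not a one-element tuple, so `inventory_hostname.startswith('bastion')` says what is meant. The copy also sets no ownership or mode on a file that controls mail routing, e.g. `copy: src="postfix/bysender" dest=/etc/postfix/bysender owner=root group=root mode=0644`.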