From fa2e4e2cbae0eb8b7f25ea354ae49bc66d9bf9f4 Mon Sep 17 00:00:00 2001
From: Sheppy
Date: Sat, 8 Jun 2024 10:11:27 +0000
Subject: [PATCH] feat: postmap handler & sender_access conf
---
 roles/mail/files/main.cf | 2 +-
 roles/mail/files/sender_access | 1 +
 roles/mail/handlers/main.yml | 12 ++++++++++++
 roles/mail/tasks/main.yaml | 5 ++++-
 4 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 roles/mail/files/sender_access
 create mode 100644 roles/mail/handlers/main.yml
diff --git a/roles/mail/files/main.cf b/roles/mail/files/main.cf
index 3214888..5234e32 100644
--- a/roles/mail/files/main.cf
+++ b/roles/mail/files/main.cf
@@ -53,7 +53,7 @@ smtpd_sender_login_maps=hash:/etc/postfix/enabled_senders
 smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policyd-spf,check_sender_access hash:/etc/postfix/sender_blacklist
 #smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject_unauth_destination,check_sender_access hash:/etc/postfix/sender_blacklist
 #smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_sender
-smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch,reject_non_fqdn_sender,permit_sasl_authenticated
+smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch,reject_non_fqdn_sender,check_sender_access hash:/etc/postfix/sender_access,permit_sasl_authenticated
 # USER mappings (not reliant on unix users)
diff --git a/roles/mail/files/sender_access b/roles/mail/files/sender_access
new file mode 100644
index 0000000..6ef14b7
--- /dev/null
+++ b/roles/mail/files/sender_access
@@ -0,0 +1 @@
+rejected-send@atlantishq.de REJECT
diff --git a/roles/mail/handlers/main.yml b/roles/mail/handlers/main.yml
new file mode 100644
index 0000000..1e8624a
--- /dev/null
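Review bot: The new `check_sender_access hash:/etc/postfix/sender_access` entry in `smtpd_sender_restrictions` makes mail acceptance depend on `/etc/postfix/sender_access.db` having been built, and that only happens when the `postmap all` handler fires; on a host where the copy task reports no change but the map was never compiled, Postfix would, as far as I know its handling of an unavailable table, answer with temporary configuration errors instead of accepting mail. Because the check sits before `permit_sasl_authenticated`, a REJECT entry also binds authenticated clients, and the lookup covers the envelope sender only, so the listed address can still appear in a `From:` header. I would record that above the line, e.g. `# checked before permit_sasl_authenticated: REJECT entries apply to authenticated senders too; matches envelope sender (MAIL FROM) only`.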
+++ b/roles/mail/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: postmap all
+ shell:
+ cmd: "/usr/sbin/postmap {{ item }}"
+ chdir: "/etc/postfix/"
+ with_items:
+ - sender_access
+ - enabled_senders
+ - relocated
+ - sender_blacklist
+ - tls_policy
+ - transport
+ - virtual
diff --git a/roles/mail/tasks/main.yaml b/roles/mail/tasks/main.yaml
index e44af6f..f6f6341 100644
--- a/roles/mail/tasks/main.yaml
+++ b/roles/mail/tasks/main.yaml
@@ -26,7 +26,10 @@
 - transport
 - virtual
 - header_checks
- notify: restart postfix
+ - sender_access
+ notify:
+ - postmap all
+ - restart postfix
 - name: Deploy dmark/opendkim config (main)
 copy:
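Review bot: `postmap` is invoked in the `postmap all` handler without a map-type prefix, so it builds whatever `default_database_type` selects on the host, while main.cf reads the tables visible in this patch (`enabled_senders`, `sender_blacklist`, `sender_access`) as `hash:`; on a build whose default is not hash, the `.db` files Postfix opens would never be refreshed. Nothing in the command needs a shell either, so I would write `command:` in place of `shell:` and `cmd: "/usr/sbin/postmap hash:{{ item }}"`. The loop also assumes all seven files exist under /etc/postfix; only some of them are visible in the copy task in this patch, and a missing one would fail the handler.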
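Review bot: The `notify:` list in roles/mail/tasks/main.yaml reads as if `postmap all` runs before `restart postfix`, but Ansible runs handlers in the order they are defined, not the order they are notified. roles/mail/handlers/main.yml is created by this commit and defines only `postmap all`, so `restart postfix` must resolve from somewhere outside this patch and the relative order cannot be confirmed from here. Defining `restart postfix` in the role's handlers file after `postmap all`, or at least adding `# handlers run in definition order; postmap all must be defined before restart postfix` above the list, would make the dependency explicit. The task this hunk edits starts above the hunk.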