Merge pull request #35 from Oefenweb/pr-34

Disable the SMTP VRFY command
Oefenweb · May 29, 2017 · b69055f · b69055f
2 parents 64f3ecf + 9b4c433
commit b69055f
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -27,6 +27,7 @@ None
  * `postfix_sasl_user` [default: `postmaster@{{ ansible_domain }}`]: SASL relay username
  * `postfix_sasl_password` [default: `k8+haga4@#pR`]: SASL relay password **Make sure to change!**
  * `postfix_smtpd_banner` [default: `$myhostname ESMTP $mail_name (Ubuntu)`]: Greeting banner **You MUST specify $myhostname at the start of the text. This is required by the SMTP protocol.**
+ * `postfix_disable_vrfy_command` [default: `false`]: Disable the `SMTP VRFY` command. This stops some techniques used to harvest email addresses
 
 ## Dependencies
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -24,3 +24,4 @@ postfix_mynetworks:
   - '[::ffff:127.0.0.0]/104'
   - '[::1]/128'
 postfix_smtpd_banner: '$myhostname ESMTP $mail_name (Ubuntu)'
+postfix_disable_vrfy_command: false
diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
@@ -44,7 +44,7 @@ inet_protocols = {{ postfix_inet_protocols }}
 {% if postfix_relayhost %}
 relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
 {% if postfix_sasl_auth_enable %}
-smtp_sasl_auth_enable = {{ 'yes' if postfix_sasl_auth_enable else 'no' }}
+smtp_sasl_auth_enable = {{ postfix_sasl_auth_enable | bool | ternary('yes', 'no') }}
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = {{ postfix_sasl_security_options }}
 {% endif %}
@@ -59,3 +59,6 @@ smtp_tls_CAfile = {{ postfix_smtp_tls_cafile }}
 {% else %}
 relayhost =
 {% endif %}
+
+# Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.
+disable_vrfy_command = {{ postfix_disable_vrfy_command | bool | ternary('yes', 'no') }}