From f117ecbfe523fa27f590c050b847ee18159751dc Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Wed, 6 Jul 2016 15:00:07 +0200
Subject: [PATCH] update postfix run script

---
 rootfs/etc/confd/templates/master.cf.tmpl | 21 +++++++++++++++++++++
 tmp                                       |  2 +-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/rootfs/etc/confd/templates/master.cf.tmpl b/rootfs/etc/confd/templates/master.cf.tmpl
index ea1e4a3..b88064e 100644
--- a/rootfs/etc/confd/templates/master.cf.tmpl
+++ b/rootfs/etc/confd/templates/master.cf.tmpl
@@ -1,3 +1,24 @@
+{{range $mailhosts := split (getenv "MAILHOSTS") ";"}}
+{{$values := split ($mailhosts) ":"}}
+{{index $values 0}}:smtp  inet  n - - - -  smtpd
+  -o myhostname={{index $values 1}}
+  -o smtpd_tls_key_file=/etc/ssl/mail/{{index $values 1}}/privkey.pem
+  -o smtpd_tls_cert_file=/etc/ssl/mail/{{index $values 1}}//fullchain.pem
+
+{{index $values 1}}-out unix -     -    -    -    -    smtp
+  -o smtp_bind_address={{index $values 0}}
+  -o smtp_helo_name={{index $values 2}}
+  -o syslog_name=postfix-{{index $values 2}}
+
+{{index $values 0}}:submission  inet  n  - - - -  smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
+  -o milter_macro_daemon_name=ORIGINATING
+  -o smtpd_tls_key_file=/etc/ssl/mail/{{index $values 1}}/privkey.pem
+  -o smtpd_tls_cert_file=/etc/ssl/mail/{{index $values 1}}//fullchain.pem
+{{end}}
 
 smtp      inet  n       -       n       -       -       smtpd
 pickup    unix  n       -       n       60      1       pickup
diff --git a/tmp b/tmp
index d5b8511..fa0cc7f 100644
--- a/tmp
+++ b/tmp
@@ -14,7 +14,7 @@
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
-  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
   -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_tls_key_file=/etc/ssl/mail/{{index $values 1}}/privkey.pem
   -o smtpd_tls_cert_file=/etc/ssl/mail/{{index $values 1}}//fullchain.pem