From 203a761e03c7285cc48c50dafa0587bb22e9dd72 Mon Sep 17 00:00:00 2001 From: Jason Rothstein Date: Mon, 1 Sep 2025 14:01:33 -0500 Subject: [PATCH] Trust traffic originating from localhost (outbound) Signed-off-by: Jason Rothstein --- templates/Fedora/42/etc/opendmarc.conf | 1 + templates/Fedora/42/etc/opendmarc/ignore.hosts | 1 + vars/Fedora-42-default.yml | 2 ++ 3 files changed, 4 insertions(+) create mode 100644 templates/Fedora/42/etc/opendmarc/ignore.hosts diff --git a/templates/Fedora/42/etc/opendmarc.conf b/templates/Fedora/42/etc/opendmarc.conf index 19f6b7b..f5566b3 100644 --- a/templates/Fedora/42/etc/opendmarc.conf +++ b/templates/Fedora/42/etc/opendmarc.conf @@ -259,6 +259,7 @@ FailureReportsSentBy {{ postmaster_email }} ## to "127.0.0.1" only. # # IgnoreHosts /etc/opendmarc/ignore.hosts +IgnoreHosts /etc/opendmarc/ignore.hosts ## IgnoreMailFrom domain[,...] ## default (none) diff --git a/templates/Fedora/42/etc/opendmarc/ignore.hosts b/templates/Fedora/42/etc/opendmarc/ignore.hosts new file mode 100644 index 0000000..2fbb50c --- /dev/null +++ b/templates/Fedora/42/etc/opendmarc/ignore.hosts @@ -0,0 +1 @@ +localhost diff --git a/vars/Fedora-42-default.yml b/vars/Fedora-42-default.yml index d2f418d..532bad5 100644 --- a/vars/Fedora-42-default.yml +++ b/vars/Fedora-42-default.yml @@ -103,6 +103,8 @@ template_list: src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/opendkim.conf' - dest: '/etc/opendmarc.conf' src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/opendmarc.conf' + - dest: '/etc/opendmarc/ignore.hosts' + src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/opendmarc/ignore.hosts' - dest: '/usr/lib/systemd/system/postfix-copytls.service' src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/postfix-copytls.service' - dest: '/usr/lib/systemd/system/postfix-copytls.timer'