From bd44a4e17982bce8980da6001a059efa3d32b7bc Mon Sep 17 00:00:00 2001
From: "A. Karl Kornel" <akkornel@stanford.edu>
Date: Mon, 2 Oct 2017 11:23:32 -0700
Subject: [PATCH] Postfix: Change transport to only use relayhost

The stanford.edu MXes are almost all moved off-campus, and the one that's
left will be going away soon, as well!

That means we need to update the transport file, so that stanford.edu (and
sub-domains) begin being handled by smtp.stanford.edu again, since
smtp.stanford.edu still has an on-campus presence.
---
 NEWS                                |  5 +++++
 files/postfix/etc/postfix/transport | 34 +++++++++++++++++++++--------
 2 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 42bcf6c..757f708 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,11 @@ unreleased (2017-??-??)
     [ssh] Add $extra_gssapi_only_users parameter listing any extra
     accounts that should skip Duo (i.e., service accounts). [adamhl]
 
+    [postfix] Remove the transport lines which allowed stanford.edu mail
+    to route via published MX records, because that is moving entirely
+    off-campus Instead, just have everything go through smtp.stanford.edu
+    (which still has an on-campus presence). [akkornel]
+
 release/005.009 (2017-07-07)
 
     [ntp] Push "tinker-panic 0" to the top of the ntp.conf file to help
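Review bot: The added NEWS entry runs two sentences together at "off-campus Instead, just have everything go through smtp.stanford.edu"; end the first sentence with a period after "off-campus". The phrase "because that is moving entirely off-campus" would also read more clearly if it named what is moving (the stanford.edu MX hosts, as the commit message does).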
diff --git a/files/postfix/etc/postfix/transport b/files/postfix/etc/postfix/transport
index 40990ce..9b786f3 100644
--- a/files/postfix/etc/postfix/transport
+++ b/files/postfix/etc/postfix/transport
@@ -1,11 +1,27 @@
 # Postfix transport definitions.  -*- conf -*-
 #
-# Off-campus mail has to go through smtp.stanford.edu.  Currently we
-# manually list the stanford.edu hosts that have off-campus MX records.
-
-stanford.edu		:
-.stanford.edu		:
-alumni.stanford.edu	smtp:smtp.stanford.edu
-law.stanford.edu	smtp:smtp.stanford.edu
-sls.stanford.edu	smtp:smtp.stanford.edu
-*			smtp:smtp.stanford.edu
+# This file is maintained by Puppet, as part of base::postfix.
+# You can override it in your code, if you like!  Just be sure to use the
+# base::postfix::map type, to ensure that `postmap` is run when this file
+# changes.
+
+# By default, relay all email through the campus mail gateway.
+# This is basically the same as using the relayhost option in main.cf,
+# but using the transport map gives us more flexibility!
+*           smtp:smtp.stanford.edu
+
+# The only time you should remove the above line is (a) you are using this code
+# to push to a cloud (or other non-on-Stanford-network system), or (b) your
+# system has an exemption to send mail directly to the outside world.
+# (Or, you might be like SoM, and have your own mail gateways!)
+
+# If you have a host or domain where you want to use the MX records returned by
+# DNS, then use lines like the following:
+#stanford.edu		:
+#.stanford.edu		:
+
+# ... but!  If you use lines like the above, then you'd have to put in
+# additional lines for any sub-domains where you want to use the mail gateway.
+#alumni.stanford.edu	smtp:smtp.stanford.edu
+#law.stanford.edu	smtp:smtp.stanford.edu
+#sls.stanford.edu	smtp:smtp.stanford.edu
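Review bot: The new comment above the "*" entry says the wildcard is "basically the same as using the relayhost option in main.cf" but does not say how the two differ. Postfix takes the next hop from the transport map in preference to relayhost, so one more sentence saying that this entry wins over any relayhost setting would help anyone who configures both. Separately, the added "*" line is aligned with spaces while the commented example entries below it use tabs, as the removed lines did; using tabs throughout would keep the file consistent.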
-- 
GitLab