From cdf2869ef19f62e4839f25b2529757f5878a82e2 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sat, 13 Oct 2018 11:32:17 -0500
Subject: [PATCH] zabbix-server: Only allow local SMTP relay

The Zabbix server also serves an SMTP relay, to minimize reliance on
external services when sending notifications. Since it inherits
configuration of the relay from the general *smtp-relay* group, it ends
up allowing all hosts to relay off of it. To avoid this, we set
`smtp_rmynetworks` at the *zabbix-server* group level to only allow the
local machine to relay messages.
---
 group_vars/zabbix-server.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/group_vars/zabbix-server.yml b/group_vars/zabbix-server.yml
index 1b692b0..7d0be6b 100644
--- a/group_vars/zabbix-server.yml
+++ b/group_vars/zabbix-server.yml
@@ -5,3 +5,4 @@ pg_hba_extra:
   user: zabbix
   address: ''
   method: md5
+smtp_mynetworks: localhost