From 9936ed719e65086822a72645affa47c172658d48 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 6 Jun 2022 12:56:36 +0200
Subject: [PATCH] SRS configuration and tasks.
---
 defaults/main.yml | 21 ++++++++++++++++++---
 tasks/main.yml | 3 ++-
 templates/main.cf.j2 | 18 ++++++++++++------
 vars/main.yml | 6 ++++++
 4 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 50d727a..828ad53 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -23,13 +23,13 @@ postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }
 postfix_smtp_sasl_mechanism_filter: plain, login
 # Set it in the local rules
-#postfix_relay_host: smtp-relay.example.com
+# postfix_relay_host: smtp-relay.example.com
 postfix_relay_port: 587
 postfix_default_destination_concurrency_limit: 20
-#postfix_smtp_relay_user: smtp-user
+# postfix_smtp_relay_user: smtp-user
 postfix_smtp_relay_user: '{{ ansible_fqdn }}'
 # This one has to be set inside a vault file
-#postfix_smtp_relay_pwd: set_you_password_here_in_a_vault_encrypted_file
+# postfix_smtp_relay_pwd: set_you_password_here_in_a_vault_encrypted_file
 # The following options are used only whe postfix_relay_server is set to True
 postfix_relay_server: False
@@ -47,3 +47,18 @@ nagios_postfix_mailq_w: 20
 nagios_postfix_mailq_c: 50
 nagios_postfix_processed_w: 50
 nagios_postfix_processed_c: 150
+# SRS
+# Compute it with 'dd if=/dev/urandom bs=18 count=1 2>/dev/null | base64'
+# postfix_srs_secret: 'use a vault'
+postfix_srs_secrets:
+ - '{{ postfix_srs_secret }}'
+postfix_srs_list_exclude_domains: false
+postfix_srs_exclude_domains: []
+postfix_srs_user: 'nobody'
+postfix_srs_sender_enabled: false
+postfix_srs_receiver_enabled: false
+postfix_srs_listen: '127.0.0.1'
+postfix_srs_sender_port: 10001
+postfix_srs_receiver_port: 10002
+postfix_sender_canonical_maps: 'tcp:{{ postfix_srs_listen }}:{{ postfix_srs_sender_port }}'
+postfix_recipient_canonical_maps: 'tcp:{{ postfix_srs_listen }}:{{ postfix_srs_receiver_port }}'
diff --git a/tasks/main.yml b/tasks/main.yml
index 709db08..87173c3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,9 +1,10 @@
 ---
 - import_tasks: smtp-common-packages.yml
+- import_tasks: postsrsd.yml
+ when: postfix_srs_sender_enabled or postfix_srs_receiver_enabled
 - import_tasks: smtp-sasl-auth.yml
 when: postfix_relay_client
 - import_tasks: postfix-relay-server.yml
 when: postfix_relay_server
 - import_tasks: postfix-letsencrypt-hook.yml
 when: postfix_use_letsencrypt
-
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
index 4fd893e..fd144b7 100644
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -1,7 +1,7 @@
 smtpd_banner = $myhostname ESMTP $mail_name
 biff = {{ postfix_biff }}
-# appending .domain is the MUA's job.
+# appending .domain is the MUA s job.
 append_dot_mydomain = {{ postfix_append_dot_mydomain }}
 # Uncomment the next line to generate "delayed mail" warnings
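Review bot: `postfix_srs_secrets` always expands `postfix_srs_secret`, which this file only mentions in a commented placeholder, so enabling either SRS flag without a vaulted value fails late with an undefined-variable error, and uncommenting the placeholder as written would deploy the literal string 'use a vault' as the signing key. A guard ahead of the postsrsd tasks would make the requirement explicit, for example an `assert` with `that: postfix_srs_secret is defined and postfix_srs_secret | length >= 24` (24 characters is what the documented `dd ... | base64` command produces). If the list form is meant for key rotation, a comment above it such as `# First entry signs; keep older entries only to verify addresses issued before a rotation` would help, assuming that is how the secret file is rendered. `postfix_srs_user: 'nobody'` shares an account with any other process running as nobody; a dedicated system user would isolate the daemon better.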
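Review bot: `postsrsd.yml` is imported here but is not among the four files in this patch's diffstat, and `import_tasks` is resolved statically, so the role will fail to load if that file is not already in the repository, even with both SRS flags left false. Separately, the condition uses the flags bare, so a value that arrives as a string (for example from `-e` or an INI inventory) is likely to be treated as true; `when: postfix_srs_sender_enabled | bool or postfix_srs_receiver_enabled | bool` avoids that. The same applies to the `{% if postfix_srs_sender_enabled %}` and `{% if postfix_srs_receiver_enabled %}` guards added in templates/main.cf.j2, where a wrongly enabled block would point Postfix at a lookup port nothing is serving.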
@@ -41,11 +41,7 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 myhostname = {{ ansible_fqdn }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-{% if domain_name is defined %}
-myorigin = {{ domain_name }}
-{% else %}
-myorigin = {{ ansible_fqdn }}
-{% endif %}
+myorigin = {% if domain_name is defined %}{{ domain_name }}{% else %}{{ ansible_fqdn }}{% endif %}
 mydestination = {{ ansible_fqdn }}, localhost
 {% if postfix_use_relay_host %}
 relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
@@ -58,6 +54,16 @@ inet_protocols = ipv4
 mailbox_size_limit = 0
 message_size_limit = {{ postfix_message_size_limit }}
 recipient_delimiter = +
+{% if postfix_srs_sender_enabled %}
+# SRS sender
+sender_canonical_maps = {{ postfix_sender_canonical_maps }}
+sender_canonical_classes = envelope_sender
+{% endif %}
+{% if postfix_srs_receiver_enabled %}
+# SRS recipient
+recipient_canonical_maps = {{ postfix_recipient_canonical_maps }}
+recipient_canonical_classes= envelope_recipient,header_recipient
+{% endif %}
 default_destination_concurrency_limit = {{ postfix_default_destination_concurrency_limit }}
 {% if postfix_use_sasl_auth %}
 smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }}
diff --git a/vars/main.yml b/vars/main.yml
index fed0479..49f52b3 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -11,3 +11,9 @@ postfix_relay_deb_pkgs:
 postfix_sasl_packages:
 - sasl2-bin
+
+# Conf files and data files
+postfix_srs_secret_file: '/etc/postsrsd.secret'
+postfix_srs_conf_file: '/etc/default/postsrsd'
+postfix_srs_pkg: postsrsd
+postfix_srs_el_repo: copr-postsrsd.repo
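Review bot: Both canonical maps in the SRS block are `tcp:` lookup tables built from `postfix_srs_listen`, and Postfix's tcp_table protocol is neither authenticated nor encrypted, so this configuration is only sound while that address stays on loopback; nothing in the template or the defaults enforces it. I would record the constraint in the rendered file with a comment above the block, `# postsrsd lookups are plaintext and unauthenticated: keep postfix_srs_listen on a loopback address`. As a style point, `recipient_canonical_classes= envelope_recipient,header_recipient` lacks the space before `=` that the sender line uses.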
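Review bot: `postfix_srs_secret_file` names the file that holds the SRS signing key, but the task that writes it is not part of this patch, so its ownership and mode cannot be checked here; it should be written root-owned with `mode: '0600'` and `no_log: true` so the key does not end up world-readable or in Ansible output. A comment on the variable, `# Holds the SRS signing key: root-owned, mode 0600`, would keep that requirement next to the path. `postfix_srs_conf_file` points at `/etc/default/postsrsd` while `postfix_srs_el_repo` suggests EL hosts are also targeted; it is worth confirming that the EL package reads the same path, since values in vars/main.yml are awkward to override per distribution.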