65 lines
2.3 KiB
YAML
65 lines
2.3 KiB
YAML
---
|
|
postfix_enabled: True
|
|
postfix_install_packages: '{{ postfix_enabled }}'
|
|
|
|
# Set it to true when you want configure your machine to send email to a relay
|
|
postfix_relay_client: False
|
|
postfix_use_relay_host: '{{ postfix_relay_client }}'
|
|
postfix_relay_client_do_not_stop_submission: False
|
|
postfix_biff: "no"
|
|
postfix_append_dot_mydomain: "no"
|
|
|
|
postfix_use_letsencrypt: False
|
|
# Accepted values: none, may, encrypt
|
|
postfix_smtpd_tls_security_level: encrypt
|
|
# Accepted values: none, may, encrypt, fingerprint, verify, secure. And from 2.11: dane, dane-only
|
|
postfix_smtp_tls_security_level: encrypt
|
|
postfix_use_sasl_auth: True
|
|
postfix_smtp_sasl_auth_enable: "yes"
|
|
postfix_smtp_create_relay_user: True
|
|
# Options: noanonymous, noplaintext
|
|
postfix_smtp_sasl_security_options: noanonymous
|
|
postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
|
|
postfix_smtp_sasl_mechanism_filter: plain, login
|
|
|
|
# Set it in the local rules
|
|
# postfix_relay_host: smtp-relay.example.com
|
|
postfix_relay_port: 587
|
|
postfix_default_destination_concurrency_limit: 20
|
|
# postfix_smtp_relay_user: smtp-user
|
|
postfix_smtp_relay_user: '{{ ansible_fqdn }}'
|
|
# This one has to be set inside a vault file
|
|
# postfix_smtp_relay_pwd: set_you_password_here_in_a_vault_encrypted_file
|
|
|
|
# The following options are used only whe postfix_relay_server is set to True
|
|
postfix_relay_server: False
|
|
postfix_mynetworks: hash:/etc/postfix/network_table
|
|
postfix_interfaces: all
|
|
postfix_inet_protocols: all
|
|
postfix_message_size_limit: 10240000
|
|
|
|
postfix_nagios_check: False
|
|
postfix_nagios_checks:
|
|
- check_postfix_mailqueue
|
|
- check_postfix_processed
|
|
|
|
nagios_postfix_mailq_w: 20
|
|
nagios_postfix_mailq_c: 50
|
|
nagios_postfix_processed_w: 50
|
|
nagios_postfix_processed_c: 150
|
|
# SRS
|
|
# Compute it with 'dd if=/dev/urandom bs=18 count=1 2>/dev/null | base64'
|
|
# postfix_srs_secret: 'use a vault'
|
|
postfix_srs_secrets:
|
|
- '{{ postfix_srs_secret }}'
|
|
postfix_srs_list_exclude_domains: false
|
|
postfix_srs_exclude_domains: []
|
|
postfix_srs_user: 'nobody'
|
|
postfix_srs_sender_enabled: false
|
|
postfix_srs_receiver_enabled: false
|
|
postfix_srs_listen: '127.0.0.1'
|
|
postfix_srs_sender_port: 10001
|
|
postfix_srs_receiver_port: 10002
|
|
postfix_sender_canonical_maps: 'tcp:{{ postfix_srs_listen }}:{{ postfix_srs_sender_port }}'
|
|
postfix_recipient_canonical_maps: 'tcp:{{ postfix_srs_listen }}:{{ postfix_srs_receiver_port }}'
|