ansible-role-postfix/templates/postsrsd.default.j2

# Default settings for PostSRSd

# Local domain name.
# Addresses are rewritten to originate from this domain. The default value
# is taken from `postconf -h mydomain` and probably okay.
#
SRS_DOMAIN={% if domain_name is defined %}{{ domain_name }}{% else %}{{ ansible_fqdn }}{% endif %}

{% if postfix_srs_list_exclude_domains %}
# Exclude additional domains.
# You may list domains which shall not be subjected to address rewriting.
# If a domain name starts with a dot, it matches all subdomains, but not
# the domain itself. Separate multiple domains by space or comma.
#
SRS_EXCLUDE_DOMAINS={% for dom in postfix_srs_exclude_domains %}"{{ dom }}"{% if not loop.last %}, {% endif %}{% endfor %}
{% endif %}

# First separator character after SRS0 or SRS1.
# Can be one of: -+=
SRS_SEPARATOR==

# Secret key to sign rewritten addresses.
# When postsrsd is installed for the first time, a random secret is generated
# and stored in /etc/postsrsd.secret. For most installations, that is just fine.
#
SRS_SECRET=/etc/postsrsd.secret

# Length of hash to be used in rewritten addresses
SRS_HASHLENGTH=4

# Minimum length of hash to accept when validating return addresses.
# When increasing SRS_HASHLENGTH, set this to its previous value and
# wait for the duration of SRS return address validity (21 days) before
# increading this value as well.
SRS_HASHMIN=4

# Local ports for TCP list.
# These ports are used to bind the TCP list for postfix. If you change
# these, you have to modify the postfix settings accordingly. The ports
# are bound to the loopback interface, and should never be exposed on
# the internet.
#
SRS_FORWARD_PORT={{ postfix_srs_sender_port }}
SRS_REVERSE_PORT={{ postfix_srs_receiver_port }}

# Drop root privileges and run as another user after initialization.
# This is highly recommended as postsrsd handles untrusted input.
#
RUN_AS={{ postfix_srs_user }}

# Bind to this address
#
SRS_LISTEN_ADDR={{ postfix_srs_listen }}

# Jail daemon in chroot environment
#
CHROOT=/run/postsrsd

# Additional Options
# PostSRSd understands a few rarely needed extra options:
# -A     always rewrite email addresses, even from SRS_DOMAIN
# -t<n>  set connection timeout to <n> seconds (default: 1800)
#
#SRS_EXTRA_OPTIONS=-A
Add support for SRS 2022-06-06 13:00:51 +02:00			`# Default settings for PostSRSd`

			`# Local domain name.`
			`# Addresses are rewritten to originate from this domain. The default value`
			# is taken from `postconf -h mydomain` and probably okay.
			`#`
			`SRS_DOMAIN={% if domain_name is defined %}{{ domain_name }}{% else %}{{ ansible_fqdn }}{% endif %}`

			`{% if postfix_srs_list_exclude_domains %}`
			`# Exclude additional domains.`
			`# You may list domains which shall not be subjected to address rewriting.`
			`# If a domain name starts with a dot, it matches all subdomains, but not`
			`# the domain itself. Separate multiple domains by space or comma.`
			`#`
			`SRS_EXCLUDE_DOMAINS={% for dom in postfix_srs_exclude_domains %}"{{ dom }}"{% if not loop.last %}, {% endif %}{% endfor %}`
			`{% endif %}`

			`# First separator character after SRS0 or SRS1.`
			`# Can be one of: -+=`
			`SRS_SEPARATOR==`

			`# Secret key to sign rewritten addresses.`
			`# When postsrsd is installed for the first time, a random secret is generated`
			`# and stored in /etc/postsrsd.secret. For most installations, that is just fine.`
			`#`
			`SRS_SECRET=/etc/postsrsd.secret`

			`# Length of hash to be used in rewritten addresses`
			`SRS_HASHLENGTH=4`

			`# Minimum length of hash to accept when validating return addresses.`
			`# When increasing SRS_HASHLENGTH, set this to its previous value and`
			`# wait for the duration of SRS return address validity (21 days) before`
			`# increading this value as well.`
			`SRS_HASHMIN=4`

			`# Local ports for TCP list.`
			`# These ports are used to bind the TCP list for postfix. If you change`
			`# these, you have to modify the postfix settings accordingly. The ports`
			`# are bound to the loopback interface, and should never be exposed on`
			`# the internet.`
			`#`
			`SRS_FORWARD_PORT={{ postfix_srs_sender_port }}`
			`SRS_REVERSE_PORT={{ postfix_srs_receiver_port }}`

			`# Drop root privileges and run as another user after initialization.`
			`# This is highly recommended as postsrsd handles untrusted input.`
			`#`
			`RUN_AS={{ postfix_srs_user }}`

			`# Bind to this address`
			`#`
			`SRS_LISTEN_ADDR={{ postfix_srs_listen }}`

			`# Jail daemon in chroot environment`
			`#`
			`CHROOT=/run/postsrsd`

			`# Additional Options`
			`# PostSRSd understands a few rarely needed extra options:`
			`# -A always rewrite email addresses, even from SRS_DOMAIN`
			`# -t<n> set connection timeout to <n> seconds (default: 1800)`
			`#`
			`#SRS_EXTRA_OPTIONS=-A`