diff --git a/library/roles/postfix/defaults/main.yml b/library/roles/postfix/defaults/main.yml
deleted file mode 100644
index 1070768..0000000
--- a/library/roles/postfix/defaults/main.yml
+++ /dev/null
@@ -1,187 +0,0 @@ ---- -postfix_enabled: True -postfix_install_packages: True - -postfix_relay_rh_pkgs: - - postfix - - cyrus-sasl-lib - - cyrus-sasl-plain - - cyrus-sasl-md5 - -postfix_relay_deb_pkgs: - - postfix - - libsasl2-2 - -############################################################################# -# Set them to true when you want configure your machine to send email to a relay -############################################################################# -postfix_relay_client: False -postfix_use_relay_host: '{{ postfix_relay_client }}' -postfix_biff: "no" -postfix_append_dot_mydomain: "no" - -postfix_use_letsencrypt: False -postfix_tls_encryption_level: 'intermediate' -postfix_tls_dhparam_size: 2048 -postfix_tls_dhparam_file: /etc/postfix/dhparam.pem -# Accepted values: none, may, encrypt -postfix_smtpd_tls_security_level: encrypt -# Accepted values: none, may, encrypt, fingerprint, verify, secure. And from 2.11: dane, dane-only -postfix_smtp_tls_security_level: may -postfix_use_sasl_auth: True -postfix_smtp_sasl_auth_enable: "yes" -postfix_smtp_create_relay_user: True -# Options: noanonymous, noplaintext -postfix_smtp_sasl_security_options: noanonymous -postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}' -postfix_smtp_sasl_mechanism_filter: plain, login - -# Set it in your vars files -#postfix_relay_host: smtp-relay.example.com -postfix_relay_port: 587 -#postfix_smtp_relay_user: smtp-user -postfix_smtp_relay_user: '{{ ansible_fqdn }}' -# This one has to be set inside a vault file -#postfix_smtp_relay_pwd: 'set_you_password_here_in_a_vault_encrypted_file' -postfix_smtpd_reject_unknown_helo_hostname: False -postfix_reject_unknown_sender_domain: True -############################################################################# -# Relay server: accepts authenticated clients -############################################################################# -postfix_relay_server: False -# -postfix_use_milter: False 
-postfix_spamassassin_milter: False -postfix_spamassassin_milter_socket: 'unix:/run/spamass-milter/postfix/sock' -postfix_clamav_milter: False -# inet:[127.0.0.1]:7357 -postfix_clamav_milter_socket: 'unix:/run/clamav-milter/clamav-milter.socket' -# Specify accept, reject, tempfail, quarantine -postfix_milter_action: tempfail -############################################################################# -# SMTP server that not accept authenticated clients. -############################################################################# -postfix_smtpd_server: False -# SMTP server that routes emails coming from outside -############################################################################# -postfix_mx_server: False -############################################################################# -# SMTP submission server: accepts authenticated clients -############################################################################# -postfix_submission_server: False -########################################################################################### -# The following options are used when acting as a relay or as a general purpose SMTP server -########################################################################################### -postfix_use_inet_interfaces: False -postfix_inet_interfaces: - - all -postfix_inet_protocols: - - all -postfix_proxy_interfaces_enabled: False -postfix_proxy_interfaces: - - 127.0.0.1 -postfix_message_size_limit: 10240000 - -postfix_sasl_deb_packages: - - sasl2-bin - -postfix_sasl_rh_packages: - - cyrus-sasl - -postfix_saslauthd_mech: 'pam' -postfix_saslauthd_flags: '' -postfix_saslauthd_conf_file: '/etc/saslauthd.conf' -# -postfix_sasl_ldap_servers: ldap://localhost -postfix_sasl_ldap_bind_dn: cn=saslauthd,ou=dsa,dc=example,dc=com -# postfix_sasl_ldap_bind_pw: set inside a vault file -postfix_sasl_ldap_timeout: 10 -postfix_sasl_ldap_time_limit: 10 -postfix_sasl_ldap_scope: sub -postfix_sasl_ldap_search_base: 
ou=people,dc=example,dc=com -postfix_sasl_ldap_auth_method: bind -postfix_sasl_ldap_filter: (&(uid=%u)(mail=*)) -postfix_sasl_ldap_debug: 0 -postfix_sasl_ldap_verbose: off -postfix_sasl_ldap_ssl: no -postfix_sasl_ldap_starttls: yes -postfix_sasl_ldap_referrals: no -# - -postfix_use_domain_name: False -postfix_virtual_transport_enabled: False -postfix_virtual_transport_protocol: 'lmtp' -postfix_lmtp_protocol: 'inet' -postfix_lmtp_host: '127.0.0.1' -postfix_lmtp_port: 24 -postfix_delivery_soft_bounce: False -postfix_recipient_delimiter: '+' -postfix_local_recipients: False -postfix_transport_map_enabled: False -postfix_transport_maps: - - 'hash:/etc/postfix/transport' - -postfix_transport_data: [] -# -# Example: -# postfix_transport_data: -# - { domain: 'example.com', action: 'smtp:[dest.smtp.example.com]:25' } -postfix_rbl_enabled: True -postfix_rbl_list: 'zen.spamhaus.org' - -postfix_mynetworks: hash:/etc/postfix/network_table -postfix_mynetworks_data: - - '127.0.0.0/8' - - '127.0.0.1' - -postfix_alias_maps: - - 'hash:/etc/aliases' - -postfix_alias_databases: '{{ postfix_alias_maps }}' - -postfix_virtual_addresses: False -postfix_virtual_mailbox_domains: 'hash:/etc/postfix/virtual_domains' -postfix_virtual_mailbox_domains_data: [] -# -# Example. The 'action' part is optional: -# postfix_virtual_mailbox_domains_data: -# - { domain: 'example.com', action: 'OK' } - -postfix_virtual_mailbox_maps: - - 'hash:/etc/postfix/vmailbox_maps' - -postfix_virtual_domains: False -postfix_virtual_alias_domains: 'hash:/etc/postfix/virtual_domains' -postfix_virtual_alias_domains_data: [] -# -# Example. 
The 'action' part is optional: -# postfix_virtual_alias_domains_data: -# - { domain: 'example.com', action: 'OK' } - -postfix_virtual_alias_maps: - - 'hash:/etc/postfix/virtual' - -postfix_local_dest_concurrency_limit: 2 -postfix_default_destination_concurrency_limit: 5 - -postfix_behind_haproxy: False -postfix_postscreen_port: 1024 - -# -# Nagios monitoring -# -postfix_nagios_check: False -postfix_nagios_checks: - - check_postfix_mailqueue - - check_postfix_processed - -nagios_postfix_mailq_w: 20 -nagios_postfix_mailq_c: 50 -nagios_postfix_processed_w: 50 -nagios_postfix_processed_c: 150 - -postfix_firewalld_services: - - { service: 'smtp', state: 'enabled', zone: '{{ firewalld_default_zone }}' } - - { service: 'smtps', state: 'enabled', zone: '{{ firewalld_default_zone }}' } - - { service: 'smtp-submission', state: 'enabled', zone: '{{ firewalld_default_zone }}' } - diff --git a/library/roles/postfix/files/check_postfix_mailqueue b/library/roles/postfix/files/check_postfix_mailqueue deleted file mode 100644 index 98721b5..0000000 --- a/library/roles/postfix/files/check_postfix_mailqueue +++ /dev/null 
@@ -1,181 +0,0 @@ -#!/bin/bash -################################################################### -# check_postfix_mailqueue is developped with GPL Licence 2.0 -# -# GPL License: http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt -# -# First version developped by : Bjoern Bongermino -# -################################################################### -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -#################################################################### - -# -# original https://gist.github.com/alexlehm/8084195 -# - -# created by McArt http://www.mcart.ru/ - -# Uncomment to enable debugging -# set -x - -PROGNAME=`basename $0` -VERSION="Version 2.0" -AUTHOR="McArt (http://www.mcart.ru)" - -STATE_OK=0 -STATE_WARNING=1 -STATE_CRITICAL=2 -STATE_UNKNOWN=3 - -warning=unknown -critical=unknown - -print_version() { - echo "$PROGNAME $VERSION $AUTHOR" -} - -print_help() { - print_version $PROGNAME $VERSION - echo "" - echo "$PROGNAME - Checks postfix mailqueue statistic" - echo "" - echo "$PROGNAME is a Nagios plugin which generates statistics" - echo "for the postfix mailqueue and checks for corrupt messages." 
- echo "The following values will be checked:" - echo "active: Mails being delivered (should be small)" - echo "deferred: Stuck mails (that will be retried later)" - echo "corrupt: Messages found to not be in correct format (should be 0)" - echo "hold: Recent addition, messages put on hold indefinitly - delete of free" - echo "bounced: Bounced mails" - echo "" - echo "Usage: $PROGNAME -w WARN-Level -c CRIT-Level" - echo "" - echo "Options:" - echo " -w)" - echo " Warning level for active mails" - echo " -c)" - echo " Critical level for active mail" - echo " -h)" - echo " This help" - echo " -v)" - echo " Version" - exit $STATE_OK -} - -# Check for parameters -while test -n "$1"; do - case "$1" in - -h) - print_help - exit $STATE_OK;; - -v) - print_version - exit $STATE_OK;; - -w) - warning=$2 - shift - ;; - -c) - critical=$2 - shift - ;; - *) - echo "Usage: ./check_postfix_mailqueue2.sh -w -c " - ;; - esac - shift -done - -if [ $warning == "unknown" ] || [ $critical == "unknown" ]; then - echo "You need to specify warning and critical for active mails" - echo "Usage: ./check_postfix_mailqueue2.sh -w -c " - exit $STATE_UNKNOWN -fi - -# make sure CRIT is larger than WARN -if [ $warning -ge $critical ];then - echo "UNKNOWN: WARN value may not be greater than or equal the CRIT value" - exit $OK -fi - -check_postfix_mailqueue() { -# Can be set via environment, but default is fetched by postconf (if available, -# else /var/spool/postfix) -if which postconf > /dev/null ; then - SPOOLDIR=${spooldir:-`postconf -h queue_directory`} -else - SPOOLDIR=${spooldir:-/var/spool/postfix} -fi - -cd $SPOOLDIR >/dev/null 2>/dev/null || { - echo -n "Cannot cd to $SPOOLDIR" - exit $STATE_CRITICAL -} - -for d in deferred active corrupt hold -do - if [ ! 
-r $d ] - then - echo -n "queue dir '$d' is not readable" - exit $STATE_CRITICAL - fi -done - -# Get values -deferred=`(test -d deferred && find deferred -type f ) | wc -l` -active=`(test -d active && find active -type f ) | wc -l` -corrupt=`(test -d corrupt && find corrupt -type f ) | wc -l` -hold=`( test -d hold && find hold -type f ) | wc -l` -bounced=`cat /var/log/mail.log | grep bounced | wc -l` -} - -check_postfix_mailqueue -values="Deferred mails=$deferred Active deliveries=$active Corrupt mails=$corrupt Mails on hold=$hold Bounced mails=$bounced" -perfdata="deferred=$deferred;; active=$active;; corrupt=$corrupt;; hold=$hold;; bounced=$bounced;;" - -if [ $corrupt -gt 0 ]; then - echo -n "Postfix Mailqueue WARNING - $corrupt corrupt messages found! | $perfdata" - exit $STATE_WARNING -fi - -if [ $hold -gt 0 ]; then - echo -n "Postfix Mailqueue WARNING - $hold hold messages found! | $perfdata" - exit $STATE_WARNING -fi - -if [ $deferred -gt 0 ]; then - echo -n "Postfix Mailqueue WARNING - $deferred deferred messages found! | $perfdata" - exit $STATE_WARNING -fi - -if [ $bounced -gt 0 ]; then - echo -n "Postfix Mailqueue WARNING - $bounced bounced messages found! | $perfdata" - exit $STATE_WARNING -fi - - - if [ $active -gt $critical ]; then - MES_TO_EXIT="Postfix Mailqueue CRITICAL - $values | $perfdata" - STATE_TO_EXIT=$STATE_CRITICAL - elif [ $active -gt $warning ]; then - MES_TO_EXIT="Postfix Mailqueue WARNING - $values | $perfdata" - STATE_TO_EXIT=$STATE_WARNING - else - MES_TO_EXIT="Postfix Mailqueue OK - $values | $perfdata" - STATE_TO_EXIT=$STATE_OK - fi - - -echo -n $MES_TO_EXIT -echo -e "\n" -exit $STATE_TO_EXIT diff --git a/library/roles/postfix/files/check_postfix_processed b/library/roles/postfix/files/check_postfix_processed deleted file mode 100755 index 1dd6421..0000000 --- a/library/roles/postfix/files/check_postfix_processed +++ /dev/null 
@@ -1,104 +0,0 @@ -#!/usr/bin/env bash - -## This program is free software: you can redistribute it and/or modify -## it under the terms of the GNU General Public License as published by -## the Free Software Foundation, either version 3 of the License, or -## (at your option) any later version. -## -## This program is distributed in the hope that it will be useful, -## but WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -## GNU General Public License for more details. -## - -# =============== -# check_postfixprocessed - plugin to check the number of mail processed by parsing logfiles -# =============== -# * mail processor written by Cecil Westerhof & Modifications for nagios by Frank IJskes -# * Christian Nutz identified the IF as slow on large logfiles, by only checking from the bottom up performance went back to normal - -# version 2 uses AWK to improve processing / lower cpu load -# plugin return codes: -# 0 OK -# 1 Warning -# 2 Critical -# 3 Unknown - -NO_OF_SECONDS=300 -POSTFIX_LOG="/var/log/mail.log" - -while getopts "hvw:c:" opt -do - case $opt in - h) - showhelp=1 - break - ;; - w) - warning="$OPTARG" - ;; - c) - critical="$OPTARG" - ;; - v) - verbose=1 - ;; - esac -done - -printUsage() { - echo "Usage: $0 [-h] [-v] -w -c " - echo "" - echo "Example: $0 -w 50 -c 100" -} - -printHelp() { - printUsage - echo "" - echo "This plugin checks the number of messages processed by Postfix in the last 5 minutes." - echo "" - echo "For more details, see inside the script ;)" - echo "" - exit 3 -} - -if [ "$showhelp" = "1" ]; then - printHelp - exit 3 -fi - -if [ ! "$warning" ] || [ ! "$critical" ]; then - printUsage - exit 3 -fi - -if [ $warning -ge $critical ]; then - echo " has to be smaller than !" - exit 3 -fi - -if [ ! "$POSTFIX_LOG" ]; then - echo "Could not find postfix log!" 
- exit 3 -fi - -countSentMessages () { - NOW=`date +%s` - - DATE_FROM=`awk -v now=$NOW -v seconds=$NO_OF_SECONDS 'BEGIN{print strftime("%b %d %T", now-seconds)}'` - DATE_TO=`awk -v now=$NOW 'BEGIN{print strftime("%b %d %T", now)}'` - - echo `awk '$0>=from && $0<=to' from="$DATE_FROM" to="$DATE_TO" ${POSTFIX_LOG} | grep ' postfix/smtp\[.*, status=sent ' | wc -l` -} - -sentMessagesCount=`countSentMessages` - -echo "Messages processed in the last $NO_OF_SECONDS seconds: $sentMessagesCount | mailsprocessed=$sentMessagesCount" - -if [ "$sentMessagesCount" -ge "$critical" ]; then - exit 2 -elif [ "$sentMessagesCount" -ge "$warning" ]; then - exit 1 -else - exit 0 -fi diff --git a/library/roles/postfix/files/sasl_smtpd.conf b/library/roles/postfix/files/sasl_smtpd.conf deleted file mode 100644 index 1216a46..0000000 --- a/library/roles/postfix/files/sasl_smtpd.conf +++ /dev/null @@ -1,3 +0,0 @@ -pwcheck_method: saslauthd -mech_list: PLAIN LOGIN - diff --git a/library/roles/postfix/handlers/main.yml b/library/roles/postfix/handlers/main.yml deleted file mode 100644 index 62e759f..0000000 --- a/library/roles/postfix/handlers/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- name: Update SASL hash - shell: postmap hash:/etc/postfix/sasl_passwd - -- name: Reload postfix - service: name=postfix state=reloaded - when: postfix_enabled | bool - -- name: Restart postfix - service: name=postfix state=restarted - when: postfix_enabled | bool - -- name: Update the network hash table - shell: postmap hash:/etc/postfix/network_table - -- name: start saslauth daemon - service: name=saslauthd state=started enabled=yes - when: postfix_enabled | bool - -- name: restart saslauth daemon - service: name=saslauthd state=restarted - when: postfix_enabled | bool diff --git a/library/roles/postfix/meta/main.yml b/library/roles/postfix/meta/main.yml deleted file mode 100644 index c5ea1b3..0000000 --- a/library/roles/postfix/meta/main.yml +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -dependencies: - - { role: '../../library/roles/clamav', when: postfix_clamav_milter | bool } - #- { role: '../../library/roles/spamassassin', when: postfix_spamassassin_milter | bool } diff --git a/library/roles/postfix/tasks/main.yml b/library/roles/postfix/tasks/main.yml deleted file mode 100644 index 4bb6b7d..0000000 --- a/library/roles/postfix/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- import_tasks: smtp-common-packages.yml -- import_tasks: smtp-configuration.yml -- import_tasks: postfix_firewalld.yml - when: ansible_distribution_file_variety == "RedHat" -- import_tasks: smtp-sasl-auth.yml - when: - - postfix_use_sasl_auth | bool - - postfix_relay_client | bool -- import_tasks: postfix-relay-server.yml - when: postfix_smtpd_server | bool -- import_tasks: postfix-letsencrypt-hook.yml - when: postfix_use_letsencrypt | bool - diff --git a/library/roles/postfix/tasks/postfix-letsencrypt-hook.yml b/library/roles/postfix/tasks/postfix-letsencrypt-hook.yml deleted file mode 100644 index 202a0b3..0000000 --- a/library/roles/postfix/tasks/postfix-letsencrypt-hook.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Manage the letsencrypt hook for postfix - block: - - name: Create the acme hooks directory if it does not exist - file: dest=/usr/lib/acme/hooks state=directory - - - name: In the past we created a directory instead of a file. Check if it's the case - stat: path=/usr/lib/acme/hooks/postfix - register: postfix_hookdir - - - name: Remove the wrong directory if it's present - file: dest=/usr/lib/acme/hooks/postfix state=absent - when: postfix_hookdir.stat.isdir is defined and postfix_hookdir.stat.isdir - - - name: Install a hook for letsencrypt - template: src=postfix-letsencrypt-hook dest=/usr/lib/acme/hooks/postfix owner=root group=root mode=0555 - - tags: [ 'postfix', 'postfix_letsencrypt', 'letsencrypt' ] 
diff --git a/library/roles/postfix/tasks/postfix-relay-server.yml b/library/roles/postfix/tasks/postfix-relay-server.yml
deleted file mode 100644
index 7e9771b..0000000
--- a/library/roles/postfix/tasks/postfix-relay-server.yml
+++ /dev/null
@@ -1,56 +0,0 @@ ---- -- name: Postfix relay, deb specific - block: - - name: Install the sasl2 authentication infrastructure - apt: pkg={{ postfix_sasl_deb_packages }} state=present cache_valid_time=1800 - - - name: Create the sasl run directory inside /var/spool/postfix, for chroot - file: dest=/var/spool/postfix/var/run/saslauthd state=directory owner=root group=root mode=0555 - notify: start saslauth daemon - - - name: Change the socket path because postfix on debian runs inside a chroot jail - action: configfile path=/etc/default/saslauthd key=OPTIONS value='"-c -m /var/spool/postfix/var/run/saslauthd"' syntax=shell - notify: restart saslauth daemon - - - name: Enable the saslauth daemon - action: configfile path=/etc/default/saslauthd key=START value='yes' syntax=shell - - when: ansible_distribution_file_variety == "Debian" - tags: [ 'postfix_relay', 'postfix-relay', 'postfix_sasl' ] - -- name: Postfix relay, rh specific - block: - - name: Install the sasl2 authentication infrastructure - yum: pkg={{ postfix_sasl_rh_packages }} state=present - - - name: Install the SASL configuration - template: src=saslauthd.sysconfig.j2 dest=/etc/sysconfig/saslauthd owner=root group=root mode=0644 - notify: restart saslauth daemon - - - name: Install the ldap configuration for saslauthd - template: src=saslauthd.conf.j2 dest=/etc/saslauthd.conf owner=root group=root mode=0400 - when: postfix_saslauthd_mech == 'ldap' - notify: restart saslauth daemon - - when: ansible_distribution_file_variety == "RedHat" - tags: [ 'postfix_relay', 'postfix-relay', 'postfix_sasl' ] - - -- name: Postfix relay - block: - - name: Create the sasl directory inside /etc/postfix - file: dest=/etc/postfix/sasl state=directory owner=root group=root mode=0555 - - - name: Install the smtpd.conf file inside inside /etc/postfix/sasl - copy: src=sasl_smtpd.conf dest=/etc/postfix/sasl/smtpd.conf owner=root group=root mode=0444 - - - name: Assign the sasl group to the postfix user so that postfix can use 
the saslauthd socket - user: name=postfix groups='sasl' - notify: Restart postfix - when: ansible_distribution_file_variety == "Debian" - - - name: Ensure that the saslauthd daemon is started and enabled - service: name=saslauthd state=restarted enabled=yes - - tags: [ 'postfix_relay', 'postfix-relay', 'postfix_sasl' ] - diff --git a/library/roles/postfix/tasks/postfix_firewalld.yml b/library/roles/postfix/tasks/postfix_firewalld.yml deleted file mode 100644 index 84d923d..0000000 --- a/library/roles/postfix/tasks/postfix_firewalld.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Manage the postfix firewalld rules - block: - - name: Manage the postfix related services - firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True - with_items: '{{ postfix_firewalld_services }}' - - tags: [ 'postfix', 'firewall', 'firewalld', 'iptables', 'iptables_rules' ] \ No newline at end of file diff --git a/library/roles/postfix/tasks/smtp-common-packages.yml b/library/roles/postfix/tasks/smtp-common-packages.yml deleted file mode 100644 index 618488a..0000000 --- a/library/roles/postfix/tasks/smtp-common-packages.yml +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -- block: - - name: Install postfix and libsas to do mail relay on deb systems - apt: pkg={{ postfix_relay_deb_pkgs }} state=present update_cache=yes cache_valid_time=1800 - when: ansible_distribution_file_variety == "Debian" - - - name: Install postfix and libsas to do mail relay on RH systems - yum: pkg={{ postfix_relay_rh_pkgs }} state=present - when: ansible_distribution_file_variety == "RedHat" - - - name: Remove the ssmtp package on RH systems - yum: pkg=ssmtp state=absent - when: ansible_distribution_file_variety == "RedHat" - - - name: Create a DHPARAM file used by TLS - shell: openssl dhparam -out {{ postfix_tls_dhparam_file }} {{ postfix_tls_dhparam_size }} - args: - creates: '{{ postfix_tls_dhparam_file }}' - when: postfix_tls_encryption_level == "old" - notify: Reload postfix - - - name: Download a DHPARAM file from the mozilla ssl configurator site - get_url: url='https://ssl-config.mozilla.org/ffdhe2048.txt' dest={{ postfix_tls_dhparam_file }} - args: - creates: '{{ postfix_tls_dhparam_file }}' - when: postfix_tls_encryption_level != "old" - notify: Reload postfix - - when: postfix_install_packages | bool - tags: [ 'postfix', 'postfix_conf' ] - -- block: - - name: Ensure that postfix is stopped and disabled - service: name=postfix state=stopped enabled=no - - when: - - postfix_install_packages | bool - - not postfix_enabled | bool - tags: postfix - -- block: - - name: Install the postfix NRPE nagios check - copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555 - with_items: '{{ postfix_nagios_checks }}' - - - name: Install the postfix NRPE command configuration - template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444 - notify: Reload NRPE server - - when: - - postfix_install_packages | bool - - postfix_nagios_check | bool - tags: [ 'postfix', 'nagios', 'nrpe' ] - -- block: - - name: Remove postfix and libsas on deb systems - action: 
apt pkg={{ postfix_relay_deb_pkgs }} state=absent - when: ansible_distribution_file_variety == "Debian" - - - name: Remove postfix and libsas to do mail relay on RH systems - yum: pkg={{ postfix_relay_rh_pkgs }} state=absent - when: ansible_distribution_file_variety == "RedHat" - - when: not postfix_install_packages | bool - tags: postfix diff --git a/library/roles/postfix/tasks/smtp-configuration.yml b/library/roles/postfix/tasks/smtp-configuration.yml deleted file mode 100644 index f6ebdb8..0000000 --- a/library/roles/postfix/tasks/smtp-configuration.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -- name: Postfix main configuration - block: - - name: Write the postfix main configuration file - template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444 - register: postfix_main_restart_needed - - - name: The postfix master.cf file adapts to the service role - template: src=master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444 - register: postfix_master_restart_needed - - when: postfix_enabled | bool - tags: [ 'postfix', 'postfix_conf' ] - -- name: Postfix maps installation - block: - - name: Write the postfix network_table map - template: src=network_table.j2 dest=/etc/postfix/network_table owner=root group=root mode=0444 - register: postfix_network_table_status - - - name: Write the postfix virtual_domains map - template: src=virtual_domains.j2 dest=/etc/postfix/virtual_domains owner=root group=root mode=0444 - register: postfix_virtual_domains_status - - - name: Write the postfix transport map - template: src=transport.j2 dest=/etc/postfix/transport owner=root group=root mode=0444 - register: postfix_transport_table_status - when: postfix_transport_map_enabled | bool - - - name: Update the network hash table - shell: postmap hash:/etc/postfix/network_table - when: postfix_network_table_status is changed - - - name: Update the virtual_domains - shell: postmap hash:/etc/postfix/virtual_domains - when: postfix_virtual_domains_status is changed - - - name: Update the transport hash table - shell: postmap hash:/etc/postfix/transport - when: postfix_transport_table_status is changed - - when: postfix_enabled | bool - tags: [ 'postfix', 'postfix_conf', 'postfix_maps' ] - -- block: - - name: Ensure that postfix is started and enabled - service: name=postfix state=started enabled=yes - - - name: Restart postfix - service: name=postfix state=restarted - when: ( postfix_main_restart_needed is changed ) or ( postfix_master_restart_needed is changed ) - - when: postfix_enabled | bool - tags: [ 'postfix', 
'postfix_conf' ] diff --git a/library/roles/postfix/tasks/smtp-sasl-auth.yml b/library/roles/postfix/tasks/smtp-sasl-auth.yml deleted file mode 100644 index 6089b2c..0000000 --- a/library/roles/postfix/tasks/smtp-sasl-auth.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Write sasl hash file - template: src=sasl_passwd.j2 dest=/etc/postfix/sasl_passwd owner=root group=root mode=0400 - when: postfix_use_sasl_auth | bool - register: update_sasl_hash - tags: [ 'postfix-relay', 'postfix_relay', 'postfix_sasl_client' ] - -- name: Update SASL hash - shell: postmap hash:/etc/postfix/sasl_passwd - when: update_sasl_hash is changed - tags: [ 'postfix-relay', 'postfix_relay', 'postfix_sasl_client' ] diff --git a/library/roles/postfix/templates/main.cf.explained.j2 b/library/roles/postfix/templates/main.cf.explained.j2 deleted file mode 100644 index 5b751e5..0000000 --- a/library/roles/postfix/templates/main.cf.explained.j2 +++ /dev/null 
@@ -1,694 +0,0 @@ -{% if postfix_delivery_soft_bounce %} -# SOFT BOUNCE -# -# The soft_bounce parameter provides a limited safety net for -# testing. When soft_bounce is enabled, mail will remain queued that -# would otherwise bounce. This parameter disables locally-generated -# bounces, and prevents the SMTP server from rejecting mail permanently -# (by changing 5xx replies into 4xx replies). However, soft_bounce -# is no cure for address rewriting mistakes or mail routing mistakes. -# -soft_bounce = yes -{% else %} -soft_bounce = no -{% endif %} - -queue_directory = /var/spool/postfix -command_directory = /usr/sbin -daemon_directory = /usr/libexec/postfix -data_directory = /var/lib/postfix -mail_owner = postfix - -# The default_privs parameter specifies the default rights used by -# the local delivery agent for delivery to external file or command. -# These rights are used in the absence of a recipient user context. -# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. -# -#default_privs = nobody - -# INTERNET HOST AND DOMAIN NAMES -# -# The myhostname parameter specifies the internet hostname of this -# mail system. The default is to use the fully-qualified domain name -# from gethostname(). $myhostname is used as a default value for many -# other configuration parameters. -# -myhostname = {{ ansible_fqdn }} -{% if postfix_use_domain_name is defined %} -{% elif domain_name is defined %} -mydomain = {{ domain_name }} -{% else %} -mydomain = {{ ansible_fqdn }} -{% endif %} -{% endif %} - -# SENDING MAIL -# -# The myorigin parameter specifies the domain that locally-posted -# mail appears to come from. The default is to append $myhostname, -# which is fine for small sites. If you run a domain with multiple -# machines, you should (1) change this to $mydomain and (2) set up -# a domain-wide alias database that aliases each user to -# user@that.users.mailhost. 
-# -# For the sake of consistency between sender and recipient addresses, -# myorigin also specifies the default domain name that is appended -# to recipient addresses that have no @domain part. -# -{% if domain_name is defined %} -myorigin = {{ domain_name }} -{% else %} -myorigin = {{ ansible_fqdn }} -{% endif %} - -# RECEIVING MAIL - -# The inet_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on. By default, -# the software claims all active interfaces on the machine. The -# parameter also controls delivery of mail to user@[ip.address]. -# -# See also the proxy_interfaces parameter, for network addresses that -# are forwarded to us via a proxy or network address translator. -# -# Note: you need to stop/start Postfix when this parameter changes. -# -{% if not postfix_use_inet_interfaces %} -{% if not postfix_relay_server %} -inet_interfaces = localhost -inet_protocols = ipv4 -{% else %} -inet_interfaces = {% for int in postfix_inet_interfaces %}{{ int }}{% if not loop.end%}, {% endif %}{% endfor %} -inet_protocols = {% for proto in postfix_inet_protocols %}{{ proto }}{% if not loop.end%}, {% endif %}{% endfor %} -{% endif %} -{% endif %} - -# The proxy_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on by way of a -# proxy or network address translation unit. This setting extends -# the address list specified with the inet_interfaces parameter. -# -# You must specify your proxy/NAT addresses when your system is a -# backup MX host for other domains, otherwise mail delivery loops -# will happen when the primary MX host is down. -# -#proxy_interfaces = -#proxy_interfaces = 1.2.3.4 -{% if postfix_proxy_interfaces_enabled %} -proxy_interfaces = {% for proxy_int in postfix_proxy_interfaces %}{{ proxy_int }} {% endfor %} -{% endif %} - -# The mydestination parameter specifies the list of domains that this -# machine considers itself the final destination for. 
-# -# These domains are routed to the delivery agent specified with the -# local_transport parameter setting. By default, that is the UNIX -# compatible delivery agent that lookups all recipients in /etc/passwd -# and /etc/aliases or their equivalent. -# -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. -# -# Do not specify the names of virtual domains - those domains are -# specified elsewhere (see VIRTUAL_README). -# -# Do not specify the names of domains that this machine is backup MX -# host for. Specify those names via the relay_domains settings for -# the SMTP server, or use permit_mx_backup if you are lazy (see -# STANDARD_CONFIGURATION_README). -# -# The local machine is always the final destination for mail addressed -# to user@[the.net.work.address] of an interface that the mail system -# receives mail on (see the inet_interfaces parameter). -# -# Specify a list of host or domain names, /file/name or type:table -# patterns, separated by commas and/or whitespace. A /file/name -# pattern is replaced by its contents; a type:table is matched when -# a name matches a lookup key (the right-hand side is ignored). -# Continue long lines by starting the next line with whitespace. -# -# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". -# -{% if postfix_use_domain_name is defined %} -{% elif domain_name is defined %} -mydestination = {{ ansible_fqdn }}, localhost, {{ domain_name }} -{% else %} -mydestination = {{ ansible_fqdn }}, localhost -{% endif %} -{% endif %} - -# REJECTING MAIL FOR UNKNOWN LOCAL USERS -# -# The local_recipient_maps parameter specifies optional lookup tables -# with all names or addresses of users that are local with respect -# to $mydestination, $inet_interfaces or $proxy_interfaces. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown local users. This parameter is defined by default. 
-# -# To turn off local recipient checking in the SMTP server, specify -# local_recipient_maps = (i.e. empty). -# -# The default setting assumes that you use the default Postfix local -# delivery agent for local delivery. You need to update the -# local_recipient_maps setting if: -# -# - You define $mydestination domain recipients in files other than -# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. -# For example, you define $mydestination domain recipients in -# the $virtual_mailbox_maps files. -# -# - You redefine the local delivery agent in master.cf. -# -# - You redefine the "local_transport" setting in main.cf. -# -# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" -# feature of the Postfix local delivery agent (see local(8)). -# -# Details are described in the LOCAL_RECIPIENT_README file. -# -# Beware: if the Postfix SMTP server runs chrooted, you probably have -# to access the passwd file via the proxymap service, in order to -# overcome chroot restrictions. The alternative, having a copy of -# the system passwd file in the chroot jail is just not practical. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify a bare username, an @domain.tld -# wild-card, or specify a user@domain.tld address. -# -#local_recipient_maps = unix:passwd.byname $alias_maps -#local_recipient_maps = proxy:unix:passwd.byname $alias_maps -{% if not postfix_local_recipients %} -local_recipient_maps = -{% endif %} - -# The unknown_local_recipient_reject_code specifies the SMTP server -# response code when a recipient domain matches $mydestination or -# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty -# and the recipient address or address local-part is not found. -# -# The default setting is 550 (reject mail) but it is safer to start -# with 450 (try again later) until you are certain that your -# local_recipient_maps settings are OK. 
-# -{% if postfix_delivery_soft_bounce %} -unknown_local_recipient_reject_code = 450 -{% else %} -unknown_local_recipient_reject_code = 550 -{% endif %} -# TRUST AND RELAY CONTROL - -# The mynetworks parameter specifies the list of "trusted" SMTP -# clients that have more privileges than "strangers". -# -# In particular, "trusted" SMTP clients are allowed to relay mail -# through Postfix. See the smtpd_recipient_restrictions parameter -# in postconf(5). -# -# You can specify the list of "trusted" network addresses by hand -# or you can let Postfix do it for you (which is the default). -# -# By default (mynetworks_style = subnet), Postfix "trusts" SMTP -# clients in the same IP subnetworks as the local machine. -# On Linux, this does works correctly only with interfaces specified -# with the "ifconfig" command. -# -# Specify "mynetworks_style = class" when Postfix should "trust" SMTP -# clients in the same IP class A/B/C networks as the local machine. -# Don't do this with a dialup site - it would cause Postfix to "trust" -# your entire provider's network. Instead, specify an explicit -# mynetworks list by hand, as described below. -# -# Specify "mynetworks_style = host" when Postfix should "trust" -# only the local machine. -# -#mynetworks_style = class -#mynetworks_style = subnet -#mynetworks_style = host - -# Alternatively, you can specify the mynetworks list by hand, in -# which case Postfix ignores the mynetworks_style setting. -# -# Specify an explicit list of network/netmask patterns, where the -# mask specifies the number of bits in the network part of a host -# address. -# -# You can also specify the absolute pathname of a pattern file instead -# of listing the patterns here. Specify type:table for table-based lookups -# (the value on the table right-hand side is not used). 
-# -#mynetworks = 168.100.189.0/28, 127.0.0.0/8 -#mynetworks = $config_directory/mynetworks -#mynetworks = hash:/etc/postfix/network_table -{% if not postfix_use_inet_interfaces %} -mynetworks = 127.0.0.0/8 -{% else %} -mynetworks = {{ postfix_mynetworks }} -{% endif %} - -# The relay_domains parameter restricts what destinations this system will -# relay mail to. See the smtpd_recipient_restrictions description in -# postconf(5) for detailed information. -# -# By default, Postfix relays mail -# - from "trusted" clients (IP address matches $mynetworks) to any destination, -# - from "untrusted" clients to destinations that match $relay_domains or -# subdomains thereof, except addresses with sender-specified routing. -# The default relay_domains value is $mydestination. -# -# In addition to the above, the Postfix SMTP server by default accepts mail -# that Postfix is final destination for: -# - destinations that match $inet_interfaces or $proxy_interfaces, -# - destinations that match $mydestination -# - destinations that match $virtual_alias_domains, -# - destinations that match $virtual_mailbox_domains. -# These destinations do not need to be listed in $relay_domains. -# -# Specify a list of hosts or domains, /file/name patterns or type:name -# lookup tables, separated by commas and/or whitespace. Continue -# long lines by starting the next line with whitespace. A file name -# is replaced by its contents; a type:name table is matched when a -# (parent) domain appears as lookup key. -# -# NOTE: Postfix will not automatically forward mail for domains that -# list this system as their primary or backup MX host. See the -# permit_mx_backup restriction description in postconf(5). -# -#relay_domains = $mydestination - -# INTERNET OR INTRANET - -# The relayhost parameter specifies the default host to send mail to -# when no entry is matched in the optional transport(5) table. When -# no relayhost is given, mail is routed directly to the destination. 
-# -# On an intranet, specify the organizational domain name. If your -# internal DNS uses no MX records, specify the name of the intranet -# gateway host instead. -# -# In the case of SMTP, specify a domain, host, host:port, [host]:port, -# [address] or [address]:port; the form [host] turns off MX lookups. -# -# If you're connected via UUCP, see also the default_transport parameter. -# -{% if postfix_use_relay_host %} -relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }} -{% endif %} - -# REJECTING UNKNOWN RELAY USERS -# -# The relay_recipient_maps parameter specifies optional lookup tables -# with all addresses in the domains that match $relay_domains. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown relay users. This feature is off by default. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify an @domain.tld wild-card, or specify -# a user@domain.tld address. -# -#relay_recipient_maps = hash:/etc/postfix/relay_recipients - -# INPUT RATE CONTROL -# -# The in_flow_delay configuration parameter implements mail input -# flow control. This feature is turned on by default, although it -# still needs further development (it's disabled on SCO UNIX due -# to an SCO bug). -# -# A Postfix process will pause for $in_flow_delay seconds before -# accepting a new message, when the message arrival rate exceeds the -# message delivery rate. With the default 100 SMTP server process -# limit, this limits the mail inflow to 100 messages a second more -# than the number of messages delivered per second. -# -# Specify 0 to disable the feature. Valid delays are 0..10. -# -#in_flow_delay = 1s - -# ADDRESS REWRITING -# -# The ADDRESS_REWRITING_README document gives information about -# address masquerading or other forms of address rewriting including -# username->Firstname.Lastname mapping. 
- -# ADDRESS REDIRECTION (VIRTUAL DOMAIN) -# -# The VIRTUAL_README document gives information about the many forms -# of domain hosting that Postfix supports. - -# "USER HAS MOVED" BOUNCE MESSAGES -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# TRANSPORT MAP -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# ALIAS DATABASE -# -# The alias_maps parameter specifies the list of alias databases used -# by the local delivery agent. The default list is system dependent. -# -# On systems with NIS, the default is to search the local alias -# database, then the NIS alias database. See aliases(5) for syntax -# details. -# -# If you change the alias database, run "postalias /etc/aliases" (or -# wherever your system stores the mail alias file), or simply run -# "newaliases" to build the necessary DBM or DB file. -# -# It will take a minute or so before changes become visible. Use -# "postfix reload" to eliminate the delay. -# -alias_maps = {% for alias in postfix_alias_maps %}{{ alias }}{% if not loop.end%}, {% endif %}{% endfor %} - -# The alias_database parameter specifies the alias database(s) that -# are built with "newaliases" or "sendmail -bi". This is a separate -# configuration parameter, because alias_maps (see above) may specify -# tables that are not necessarily all under control by Postfix. -# -alias_database = {% for dbalias in postfix_alias_databases %}{{ dbalias }}{% if not loop.end%}, {% endif %}{% endfor %} - -# ADDRESS EXTENSIONS (e.g., user+foo) -# -# The recipient_delimiter parameter specifies the separator between -# user names and address extensions (user+foo). See canonical(5), -# local(8), relocated(5) and virtual(5) for the effects this has on -# aliases, canonical, virtual, relocated and .forward file lookups. -# Basically, the software tries user+foo and .forward+foo before -# trying user and .forward. 
-# -recipient_delimiter = {{ postfix_recipient_delimiter }} - -# DELIVERY TO MAILBOX -# -# The home_mailbox parameter specifies the optional pathname of a -# mailbox file relative to a user's home directory. The default -# mailbox file is /var/spool/mail/user or /var/mail/user. Specify -# "Maildir/" for qmail-style delivery (the / is required). -# -#home_mailbox = Mailbox -#home_mailbox = Maildir/ - -# The mail_spool_directory parameter specifies the directory where -# UNIX-style mailboxes are kept. The default setting depends on the -# system type. -# -#mail_spool_directory = /var/mail -#mail_spool_directory = /var/spool/mail - -# The mailbox_command parameter specifies the optional external -# command to use instead of mailbox delivery. The command is run as -# the recipient with proper HOME, SHELL and LOGNAME environment settings. -# Exception: delivery for root is done as $default_user. -# -# Other environment variables of interest: USER (recipient username), -# EXTENSION (address extension), DOMAIN (domain part of address), -# and LOCAL (the address localpart). -# -# Unlike other Postfix configuration parameters, the mailbox_command -# parameter is not subjected to $parameter substitutions. This is to -# make it easier to specify shell syntax (see example below). -# -# Avoid shell meta characters because they will force Postfix to run -# an expensive shell process. Procmail alone is expensive enough. -# -# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN -# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. -# -#mailbox_command = /some/where/procmail -#mailbox_command = /some/where/procmail -a "$EXTENSION" - -# The mailbox_transport specifies the optional transport in master.cf -# to use after processing aliases and .forward files. This parameter -# has precedence over the mailbox_command, fallback_transport and -# luser_relay parameters. 
-# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" -# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. -#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp - -# If using the cyrus-imapd IMAP server deliver local mail to the IMAP -# server using LMTP (Local Mail Transport Protocol), this is prefered -# over the older cyrus deliver program by setting the -# mailbox_transport as below: -# -# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp -# -# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via -# these settings. -# -# local_destination_recipient_limit = 300 -# local_destination_concurrency_limit = 5 -# -# Of course you should adjust these settings as appropriate for the -# capacity of the hardware you are using. The recipient limit setting -# can be used to take advantage of the single instance message store -# capability of Cyrus. The concurrency limit can be used to control -# how many simultaneous LMTP sessions will be permitted to the Cyrus -# message store. -# -# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and -# subsequent line in master.cf. -#mailbox_transport = cyrus - -# The fallback_transport specifies the optional transport in master.cf -# to use for recipients that are not found in the UNIX passwd database. -# This parameter has precedence over the luser_relay parameter. 
-# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp -#fallback_transport = -{% if postfix_inet_lmtp_enabled %} -virtual_transport = lmtp:inet:{{ postfix_inet_lmtp_host }}:{{ postfix_inet_lmtp_port }} -{% endif %} - -{% if postfix_virtual_addresses %} -virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }} -virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %} -virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %} -{% endif %} - -# The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown@$mydestination, -# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned -# as undeliverable. -# -# The following expansions are done on luser_relay: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $local (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. -# -# luser_relay works only for the default Postfix local delivery agent. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must specify "local_recipient_maps =" (i.e. 
empty) in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#luser_relay = $user@other.host -#luser_relay = $local@other.host -#luser_relay = admin+$local - -# JUNK MAIL CONTROLS -# -# The controls listed here are only a very small subset. The file -# SMTPD_ACCESS_README provides an overview. - -# The header_checks parameter specifies an optional table with patterns -# that each logical message header is matched against, including -# headers that span multiple physical lines. -# -# By default, these patterns also apply to MIME headers and to the -# headers of attached messages. With older Postfix versions, MIME and -# attached message headers were treated as body text. -# -# For details, see "man header_checks". -# -#header_checks = regexp:/etc/postfix/header_checks - -# -# UCE/RBL -# -disable_vrfy_command = yes -smtpd_delay_reject = yes -smtpd_helo_required = yes - -{% if postfix_smtpd_server %} -smtpd_client_restrictions = - permit_mynetworks - permit_inet_interfaces -{% endif %} - -# FAST ETRN SERVICE -# -# Postfix maintains per-destination logfiles with information about -# deferred mail, so that mail can be flushed quickly with the SMTP -# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". -# See the ETRN_README document for a detailed description. -# -# The fast_flush_domains parameter controls what destinations are -# eligible for this service. By default, they are all domains that -# this server is willing to relay mail to. -# -#fast_flush_domains = $relay_domains - -# SHOW SOFTWARE VERSION OR NOT -# -# The smtpd_banner parameter specifies the text that follows the 220 -# code in the SMTP server's greeting banner. Some people like to see -# the mail version advertised. By default, Postfix shows no version. -# -# You MUST specify $myhostname at the start of the text. That is an -# RFC requirement. Postfix itself does not care. 
-# -#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) -smtpd_banner = $myhostname ESMTP $mail_name - -# PARALLEL DELIVERY TO THE SAME DESTINATION -# -# How many parallel deliveries to the same user or domain? With local -# delivery, it does not make sense to do massively parallel delivery -# to the same user, because mailbox updates must happen sequentially, -# and expensive pipelines in .forward files can cause disasters when -# too many are run at the same time. With SMTP deliveries, 10 -# simultaneous connections to the same domain could be sufficient to -# raise eyebrows. -# -# Each message delivery transport has its XXX_destination_concurrency_limit -# parameter. The default is $default_destination_concurrency_limit for -# most delivery transports. For the local delivery agent the default is 2. - -local_destination_concurrency_limit = {{ postfix_local_dest_concurrency_limit }} -default_destination_concurrency_limit = {{ postfix_default_destination_concurrency_limit }} - -# DEBUGGING CONTROL -# -# The debug_peer_level parameter specifies the increment in verbose -# logging level when an SMTP client or server host name or address -# matches a pattern in the debug_peer_list parameter. -# -debug_peer_level = 2 - -# The debug_peer_list parameter specifies an optional list of domain -# or network patterns, /file/name patterns or type:name tables. When -# an SMTP client or server host name or address matches a pattern, -# increase the verbose logging level by the amount specified in the -# debug_peer_level parameter. -# -#debug_peer_list = 127.0.0.1 -#debug_peer_list = some.domain - -# The debugger_command specifies the external command that is executed -# when a Postfix daemon program is run with the -D option. -# -# Use "command .. & sleep 5" so that the debugger can attach before -# the process marches on. If you use an X-based debugger, be sure to -# set up your XAUTHORITY environment variable before starting Postfix. 
-# -#debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin -# ddd $daemon_directory/$process_name $process_id & sleep 5 - -# If you can't use X, use this to capture the call stack when a -# daemon crashes. The result is in a file in the configuration -# directory, and is named after the process name and the process ID. -# -# debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; -# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 -# >$config_directory/$process_name.$process_id.log & sleep 5 -# -# Another possibility is to run gdb under a detached screen session. -# To attach to the screen sesssion, su root and run "screen -r -# " where uniquely matches one of the detached -# sessions (from "screen -list"). -# -# debugger_command = -# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen -# -dmS $process_name gdb $daemon_directory/$process_name -# $process_id & sleep 1 - -# INSTALL-TIME CONFIGURATION INFORMATION -# -# The following parameters are used when installing a new Postfix version. -# -# sendmail_path: The full pathname of the Postfix sendmail command. -# This is the Sendmail-compatible mail posting interface. -# -sendmail_path = /usr/sbin/sendmail.postfix - -# newaliases_path: The full pathname of the Postfix newaliases command. -# This is the Sendmail-compatible command to build alias databases. -# -newaliases_path = /usr/bin/newaliases.postfix - -# mailq_path: The full pathname of the Postfix mailq command. This -# is the Sendmail-compatible mail queue listing command. -# -mailq_path = /usr/bin/mailq.postfix - -# setgid_group: The group for mail submission and queue management -# commands. This must be a group name with a numerical group ID that -# is not shared with other accounts, not even with the Postfix account. -# -setgid_group = postdrop - -# html_directory: The location of the Postfix HTML documentation. 
-# -html_directory = no - -# manpage_directory: The location of the Postfix on-line manual pages. -# -manpage_directory = /usr/share/man - -# readme_directory: The location of the Postfix README files. -# -readme_directory = no - -# TLS parameters -# Server -{% if letsencrypt_acme_install is defined %} -{% if postfix_use_letsencrypt %} -smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert -smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey -{% else %} -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -{% endif %} -{% endif %} -{% if letsencrypt_acme_install is not defined %} -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -{% endif %} -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -{% if postfix_smtpd_server %} -smtpd_tls_security_level = encrypt -smtpd_tls_auth_only = yes -{% endif %} -smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }} -# Client -smtp_tls_security_level = {{ postfix_smtp_tls_security_level }} -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache diff --git a/library/roles/postfix/templates/main.cf.j2 b/library/roles/postfix/templates/main.cf.j2 deleted file mode 100644 index 279d21d..0000000 --- a/library/roles/postfix/templates/main.cf.j2 +++ /dev/null 
@@ -1,817 +0,0 @@ -{% if postfix_delivery_soft_bounce %} -# SOFT BOUNCE -# -# The soft_bounce parameter provides a limited safety net for -# testing. When soft_bounce is enabled, mail will remain queued that -# would otherwise bounce. This parameter disables locally-generated -# bounces, and prevents the SMTP server from rejecting mail permanently -# (by changing 5xx replies into 4xx replies). However, soft_bounce -# is no cure for address rewriting mistakes or mail routing mistakes. -# -soft_bounce = yes -{% else %} -soft_bounce = no -{% endif %} - -queue_directory = /var/spool/postfix -command_directory = /usr/sbin -daemon_directory = /usr/libexec/postfix -data_directory = /var/lib/postfix -mail_owner = postfix - -# The default_privs parameter specifies the default rights used by -# the local delivery agent for delivery to external file or command. -# These rights are used in the absence of a recipient user context. -# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. -# -#default_privs = nobody - -# INTERNET HOST AND DOMAIN NAMES -# -# The myhostname parameter specifies the internet hostname of this -# mail system. The default is to use the fully-qualified domain name -# from gethostname(). $myhostname is used as a default value for many -# other configuration parameters. -# -myhostname = {{ ansible_fqdn }} -{% if postfix_use_domain_name is defined %} -{% elif domain_name is defined %} -mydomain = {{ domain_name }} -{% else %} -mydomain = {{ ansible_fqdn }} -{% endif %} - -# SENDING MAIL -# -# The myorigin parameter specifies the domain that locally-posted -# mail appears to come from. The default is to append $myhostname, -# which is fine for small sites. If you run a domain with multiple -# machines, you should (1) change this to $mydomain and (2) set up -# a domain-wide alias database that aliases each user to -# user@that.users.mailhost. 
-# -# For the sake of consistency between sender and recipient addresses, -# myorigin also specifies the default domain name that is appended -# to recipient addresses that have no @domain part. -# -{% if domain_name is defined %} -myorigin = {{ domain_name }} -{% else %} -myorigin = {{ ansible_fqdn }} -{% endif %} - -# RECEIVING MAIL - -# The inet_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on. By default, -# the software claims all active interfaces on the machine. The -# parameter also controls delivery of mail to user@[ip.address]. -# -# See also the proxy_interfaces parameter, for network addresses that -# are forwarded to us via a proxy or network address translator. -# -# Note: you need to stop/start Postfix when this parameter changes. -# -{% if postfix_use_inet_interfaces %} -{% if not postfix_smtpd_server %} -inet_interfaces = localhost -inet_protocols = ipv4 -{% else %} -inet_interfaces = {% for int in postfix_inet_interfaces %}{{ int }}{% if not loop.last %}, {% endif %}{% endfor %} - -inet_protocols = {% for proto in postfix_inet_protocols %}{{ proto }}{% if not loop.last %}, {% endif %}{% endfor %} -{% endif %} -{% endif %} - -# The proxy_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on by way of a -# proxy or network address translation unit. This setting extends -# the address list specified with the inet_interfaces parameter. -# -# You must specify your proxy/NAT addresses when your system is a -# backup MX host for other domains, otherwise mail delivery loops -# will happen when the primary MX host is down. -# -#proxy_interfaces = -#proxy_interfaces = 1.2.3.4 -{% if postfix_proxy_interfaces_enabled %} -proxy_interfaces = {% for proxy_int in postfix_proxy_interfaces %}{{ proxy_int }} {% endfor %} -{% endif %} - -# The mydestination parameter specifies the list of domains that this -# machine considers itself the final destination for. 
-# -# These domains are routed to the delivery agent specified with the -# local_transport parameter setting. By default, that is the UNIX -# compatible delivery agent that lookups all recipients in /etc/passwd -# and /etc/aliases or their equivalent. -# -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. -# -# Do not specify the names of virtual domains - those domains are -# specified elsewhere (see VIRTUAL_README). -# -# Do not specify the names of domains that this machine is backup MX -# host for. Specify those names via the relay_domains settings for -# the SMTP server, or use permit_mx_backup if you are lazy (see -# STANDARD_CONFIGURATION_README). -# -# The local machine is always the final destination for mail addressed -# to user@[the.net.work.address] of an interface that the mail system -# receives mail on (see the inet_interfaces parameter). -# -# Specify a list of host or domain names, /file/name or type:table -# patterns, separated by commas and/or whitespace. A /file/name -# pattern is replaced by its contents; a type:table is matched when -# a name matches a lookup key (the right-hand side is ignored). -# Continue long lines by starting the next line with whitespace. -# -# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". -# -{% if postfix_use_domain_name is defined %} -{% elif domain_name is defined %} -mydestination = {{ ansible_fqdn }}, localhost, {{ domain_name }} -{% else %} -mydestination = {{ ansible_fqdn }}, localhost -{% endif %} - -# REJECTING MAIL FOR UNKNOWN LOCAL USERS -# -# The local_recipient_maps parameter specifies optional lookup tables -# with all names or addresses of users that are local with respect -# to $mydestination, $inet_interfaces or $proxy_interfaces. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown local users. This parameter is defined by default. 
-# -# To turn off local recipient checking in the SMTP server, specify -# local_recipient_maps = (i.e. empty). -# -# The default setting assumes that you use the default Postfix local -# delivery agent for local delivery. You need to update the -# local_recipient_maps setting if: -# -# - You define $mydestination domain recipients in files other than -# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. -# For example, you define $mydestination domain recipients in -# the $virtual_mailbox_maps files. -# -# - You redefine the local delivery agent in master.cf. -# -# - You redefine the "local_transport" setting in main.cf. -# -# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" -# feature of the Postfix local delivery agent (see local(8)). -# -# Details are described in the LOCAL_RECIPIENT_README file. -# -# Beware: if the Postfix SMTP server runs chrooted, you probably have -# to access the passwd file via the proxymap service, in order to -# overcome chroot restrictions. The alternative, having a copy of -# the system passwd file in the chroot jail is just not practical. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify a bare username, an @domain.tld -# wild-card, or specify a user@domain.tld address. -# -#local_recipient_maps = unix:passwd.byname $alias_maps -#local_recipient_maps = proxy:unix:passwd.byname $alias_maps -{% if postfix_virtual_transport_enabled %} -local_recipient_maps = -{% elif not postfix_local_recipients %} -#local_recipient_maps = -{% endif %} - -# The unknown_local_recipient_reject_code specifies the SMTP server -# response code when a recipient domain matches $mydestination or -# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty -# and the recipient address or address local-part is not found. 
-# -# The default setting is 550 (reject mail) but it is safer to start -# with 450 (try again later) until you are certain that your -# local_recipient_maps settings are OK. -# -{% if postfix_delivery_soft_bounce %} -unknown_local_recipient_reject_code = 450 -{% else %} -unknown_local_recipient_reject_code = 550 -{% endif %} -# TRUST AND RELAY CONTROL - -# The mynetworks parameter specifies the list of "trusted" SMTP -# clients that have more privileges than "strangers". -# -# In particular, "trusted" SMTP clients are allowed to relay mail -# through Postfix. See the smtpd_recipient_restrictions parameter -# in postconf(5). -# -# You can specify the list of "trusted" network addresses by hand -# or you can let Postfix do it for you (which is the default). -# -# By default (mynetworks_style = subnet), Postfix "trusts" SMTP -# clients in the same IP subnetworks as the local machine. -# On Linux, this does works correctly only with interfaces specified -# with the "ifconfig" command. -# -# Specify "mynetworks_style = class" when Postfix should "trust" SMTP -# clients in the same IP class A/B/C networks as the local machine. -# Don't do this with a dialup site - it would cause Postfix to "trust" -# your entire provider's network. Instead, specify an explicit -# mynetworks list by hand, as described below. -# -# Specify "mynetworks_style = host" when Postfix should "trust" -# only the local machine. -# -#mynetworks_style = class -#mynetworks_style = subnet -#mynetworks_style = host - -# Alternatively, you can specify the mynetworks list by hand, in -# which case Postfix ignores the mynetworks_style setting. -# -# Specify an explicit list of network/netmask patterns, where the -# mask specifies the number of bits in the network part of a host -# address. -# -# You can also specify the absolute pathname of a pattern file instead -# of listing the patterns here. Specify type:table for table-based lookups -# (the value on the table right-hand side is not used). 
-# -#mynetworks = 168.100.189.0/28, 127.0.0.0/8 -#mynetworks = $config_directory/mynetworks -#mynetworks = hash:/etc/postfix/network_table -{% if not postfix_use_inet_interfaces %} -mynetworks = 127.0.0.0/8 -{% else %} -mynetworks = {{ postfix_mynetworks }} -{% endif %} - -# The relay_domains parameter restricts what destinations this system will -# relay mail to. See the smtpd_recipient_restrictions description in -# postconf(5) for detailed information. -# -# By default, Postfix relays mail -# - from "trusted" clients (IP address matches $mynetworks) to any destination, -# - from "untrusted" clients to destinations that match $relay_domains or -# subdomains thereof, except addresses with sender-specified routing. -# The default relay_domains value is $mydestination. -# -# In addition to the above, the Postfix SMTP server by default accepts mail -# that Postfix is final destination for: -# - destinations that match $inet_interfaces or $proxy_interfaces, -# - destinations that match $mydestination -# - destinations that match $virtual_alias_domains, -# - destinations that match $virtual_mailbox_domains. -# These destinations do not need to be listed in $relay_domains. -# -# Specify a list of hosts or domains, /file/name patterns or type:name -# lookup tables, separated by commas and/or whitespace. Continue -# long lines by starting the next line with whitespace. A file name -# is replaced by its contents; a type:name table is matched when a -# (parent) domain appears as lookup key. -# -# NOTE: Postfix will not automatically forward mail for domains that -# list this system as their primary or backup MX host. See the -# permit_mx_backup restriction description in postconf(5). -# -#relay_domains = $mydestination - -# INTERNET OR INTRANET - -# The relayhost parameter specifies the default host to send mail to -# when no entry is matched in the optional transport(5) table. When -# no relayhost is given, mail is routed directly to the destination. 
-# -# On an intranet, specify the organizational domain name. If your -# internal DNS uses no MX records, specify the name of the intranet -# gateway host instead. -# -# In the case of SMTP, specify a domain, host, host:port, [host]:port, -# [address] or [address]:port; the form [host] turns off MX lookups. -# -# If you're connected via UUCP, see also the default_transport parameter. -# -{% if postfix_use_relay_host %} -relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }} -{% endif %} - -# REJECTING UNKNOWN RELAY USERS -# -# The relay_recipient_maps parameter specifies optional lookup tables -# with all addresses in the domains that match $relay_domains. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown relay users. This feature is off by default. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify an @domain.tld wild-card, or specify -# a user@domain.tld address. -# -#relay_recipient_maps = hash:/etc/postfix/relay_recipients - -# INPUT RATE CONTROL -# -# The in_flow_delay configuration parameter implements mail input -# flow control. This feature is turned on by default, although it -# still needs further development (it's disabled on SCO UNIX due -# to an SCO bug). -# -# A Postfix process will pause for $in_flow_delay seconds before -# accepting a new message, when the message arrival rate exceeds the -# message delivery rate. With the default 100 SMTP server process -# limit, this limits the mail inflow to 100 messages a second more -# than the number of messages delivered per second. -# -# Specify 0 to disable the feature. Valid delays are 0..10. -# -#in_flow_delay = 1s - -# ADDRESS REWRITING -# -# The ADDRESS_REWRITING_README document gives information about -# address masquerading or other forms of address rewriting including -# username->Firstname.Lastname mapping. 
- -# ADDRESS REDIRECTION (VIRTUAL DOMAIN) -# -# The VIRTUAL_README document gives information about the many forms -# of domain hosting that Postfix supports. - -# "USER HAS MOVED" BOUNCE MESSAGES -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# TRANSPORT MAP -# -# See the discussion in the ADDRESS_REWRITING_README document. -{% if postfix_transport_map_enabled %} -transport_maps = {% for tmap in postfix_transport_maps %}{{ tmap }}{% if not loop.last %}, {% endif %}{% endfor %} -{% endif %} - - -# ALIAS DATABASE -# -# The alias_maps parameter specifies the list of alias databases used -# by the local delivery agent. The default list is system dependent. -# -# On systems with NIS, the default is to search the local alias -# database, then the NIS alias database. See aliases(5) for syntax -# details. -# -# If you change the alias database, run "postalias /etc/aliases" (or -# wherever your system stores the mail alias file), or simply run -# "newaliases" to build the necessary DBM or DB file. -# -# It will take a minute or so before changes become visible. Use -# "postfix reload" to eliminate the delay. -# -alias_maps = {% for alias in postfix_alias_maps %}{{ alias }}{% if not loop.last %}, {% endif %}{% endfor %} - -# The alias_database parameter specifies the alias database(s) that -# are built with "newaliases" or "sendmail -bi". This is a separate -# configuration parameter, because alias_maps (see above) may specify -# tables that are not necessarily all under control by Postfix. -# -alias_database = {% for dbalias in postfix_alias_databases %}{{ dbalias }}{% if not loop.last %}, {% endif %}{% endfor %} - -# ADDRESS EXTENSIONS (e.g., user+foo) -# -# The recipient_delimiter parameter specifies the separator between -# user names and address extensions (user+foo). See canonical(5), -# local(8), relocated(5) and virtual(5) for the effects this has on -# aliases, canonical, virtual, relocated and .forward file lookups. 
-# Basically, the software tries user+foo and .forward+foo before -# trying user and .forward. -# -recipient_delimiter = {{ postfix_recipient_delimiter }} - -# DELIVERY TO MAILBOX -# -# The home_mailbox parameter specifies the optional pathname of a -# mailbox file relative to a user's home directory. The default -# mailbox file is /var/spool/mail/user or /var/mail/user. Specify -# "Maildir/" for qmail-style delivery (the / is required). -# -#home_mailbox = Mailbox -#home_mailbox = Maildir/ - -# The mail_spool_directory parameter specifies the directory where -# UNIX-style mailboxes are kept. The default setting depends on the -# system type. -# -#mail_spool_directory = /var/mail -#mail_spool_directory = /var/spool/mail - -# The mailbox_command parameter specifies the optional external -# command to use instead of mailbox delivery. The command is run as -# the recipient with proper HOME, SHELL and LOGNAME environment settings. -# Exception: delivery for root is done as $default_user. -# -# Other environment variables of interest: USER (recipient username), -# EXTENSION (address extension), DOMAIN (domain part of address), -# and LOCAL (the address localpart). -# -# Unlike other Postfix configuration parameters, the mailbox_command -# parameter is not subjected to $parameter substitutions. This is to -# make it easier to specify shell syntax (see example below). -# -# Avoid shell meta characters because they will force Postfix to run -# an expensive shell process. Procmail alone is expensive enough. -# -# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN -# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. -# -#mailbox_command = /some/where/procmail -#mailbox_command = /some/where/procmail -a "$EXTENSION" - -# The mailbox_transport specifies the optional transport in master.cf -# to use after processing aliases and .forward files. This parameter -# has precedence over the mailbox_command, fallback_transport and -# luser_relay parameters. 
-# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" -# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. -#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp - -# If using the cyrus-imapd IMAP server deliver local mail to the IMAP -# server using LMTP (Local Mail Transport Protocol), this is prefered -# over the older cyrus deliver program by setting the -# mailbox_transport as below: -# -# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp -# -# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via -# these settings. -# -# local_destination_recipient_limit = 300 -# local_destination_concurrency_limit = 5 -# -# Of course you should adjust these settings as appropriate for the -# capacity of the hardware you are using. The recipient limit setting -# can be used to take advantage of the single instance message store -# capability of Cyrus. The concurrency limit can be used to control -# how many simultaneous LMTP sessions will be permitted to the Cyrus -# message store. -# -# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and -# subsequent line in master.cf. -#mailbox_transport = cyrus - -# The fallback_transport specifies the optional transport in master.cf -# to use for recipients that are not found in the UNIX passwd database. -# This parameter has precedence over the luser_relay parameter. 
-# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp -#fallback_transport = -{% if postfix_virtual_transport_enabled %} -virtual_transport = {{ postfix_virtual_transport_protocol }}:{{ postfix_lmtp_protocol }}:{{ postfix_lmtp_host }}:{{ postfix_lmtp_port }} - -virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }} -virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %} - -{% endif %} - -{% if postfix_virtual_domains %} -virtual_alias_domains = {{ postfix_virtual_alias_domains }} -{% endif %} -{% if postfix_virtual_addresses %} -virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %} - -virtual_mailbox_limit = {{ postfix_message_size_limit }} -{% endif %} - -# The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown@$mydestination, -# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned -# as undeliverable. -# -# The following expansions are done on luser_relay: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $local (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. 
-# -# luser_relay works only for the default Postfix local delivery agent. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must specify "local_recipient_maps =" (i.e. empty) in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#luser_relay = $user@other.host -#luser_relay = $local@other.host -#luser_relay = admin+$local - -# JUNK MAIL CONTROLS -# -# The controls listed here are only a very small subset. The file -# SMTPD_ACCESS_README provides an overview. - -# The header_checks parameter specifies an optional table with patterns -# that each logical message header is matched against, including -# headers that span multiple physical lines. -# -# By default, these patterns also apply to MIME headers and to the -# headers of attached messages. With older Postfix versions, MIME and -# attached message headers were treated as body text. -# -# For details, see "man header_checks". -# -#header_checks = regexp:/etc/postfix/header_checks - -# -# UCE/RBL -# -disable_vrfy_command = yes -smtpd_delay_reject = yes -smtpd_helo_required = yes - -mailbox_size_limit = {{ postfix_message_size_limit }} -message_size_limit = {{ postfix_message_size_limit }} - -{% if postfix_use_milter %} -# -# MILTER CONFIGURATION -# -# clamav, milter-greylist, spamassassin -# -#milter_connect_timeout = 30s -#milter_command_timeout = 30s -#milter_content_timeout = 300s -#milter_protocol = 2 -# What to do in case of errors? Specify accept, reject, tempfail, -# or quarantine (Postfix 2.6 or later). 
-milter_default_action = {{ postfix_milter_action }} -smtpd_milters = -{% if postfix_spamassassin_milter %} - {{ postfix_spamassassin_milter_socket }} -{% endif %} -{% if postfix_clamav_milter %} - {{ postfix_clamav_milter_socket }} -{% endif %} -{% endif %} - -{% if postfix_smtpd_server %} -smtpd_client_restrictions = - permit_mynetworks - permit_inet_interfaces -{% if postfix_submission_server %} - permit_sasl_authenticated -{% endif %} -{% if postfix_mx_server %} - reject_unknown_sender_domain - reject_non_fqdn_sender - reject_non_fqdn_recipient - reject_invalid_hostname -# reject_non_fqdn_hostname - reject_unauth_destination - reject_unknown_recipient_domain - reject_unlisted_recipient -{% if postfix_rbl_enabled %} - reject_rbl_client {{ postfix_rbl_list }} -{% endif %} -{% endif %} -{% if postfix_mx_server %} - permit -{% else %} - reject -{% endif %} -{% if postfix_submission_server %} -smtpd_sasl_path = smtpd -smtpd_sasl_auth_enable = yes -smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }} -smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }} -smtpd_sasl_authenticated_header = yes -broken_sasl_auth_clients = yes -# Block clients that speak too early. -smtpd_data_restrictions = reject_unauth_pipelining -{% endif %} -{% if postfix_smtpd_reject_unknown_helo_hostname %} -# Don't talk to mail systems that don't know their own hostname. Use with care: it breaks most dialup setups -smtpd_helo_restrictions = reject_unknown_helo_hostname -{% endif %} -{% if postfix_reject_unknown_sender_domain %} -# Don't accept mail from domains that don't exist. -smtpd_sender_restrictions = reject_unknown_sender_domain -{% endif %} -{% if postfix_submission_server %} -# Relay control: local clients and -# authenticated clients may specify any destination domain. 
-smtpd_relay_restrictions = permit_sasl_authenticated, reject -{% endif %} -{% if postfix_behind_haproxy %} -smtpd_upstream_proxy_protocol=haproxy -{% endif %} -{% endif %} - -# FAST ETRN SERVICE -# -# Postfix maintains per-destination logfiles with information about -# deferred mail, so that mail can be flushed quickly with the SMTP -# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". -# See the ETRN_README document for a detailed description. -# -# The fast_flush_domains parameter controls what destinations are -# eligible for this service. By default, they are all domains that -# this server is willing to relay mail to. -# -#fast_flush_domains = $relay_domains - -# SHOW SOFTWARE VERSION OR NOT -# -# The smtpd_banner parameter specifies the text that follows the 220 -# code in the SMTP server's greeting banner. Some people like to see -# the mail version advertised. By default, Postfix shows no version. -# -# You MUST specify $myhostname at the start of the text. That is an -# RFC requirement. Postfix itself does not care. -# -#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) -smtpd_banner = $myhostname ESMTP $mail_name - -# PARALLEL DELIVERY TO THE SAME DESTINATION -# -# How many parallel deliveries to the same user or domain? With local -# delivery, it does not make sense to do massively parallel delivery -# to the same user, because mailbox updates must happen sequentially, -# and expensive pipelines in .forward files can cause disasters when -# too many are run at the same time. With SMTP deliveries, 10 -# simultaneous connections to the same domain could be sufficient to -# raise eyebrows. -# -# Each message delivery transport has its XXX_destination_concurrency_limit -# parameter. The default is $default_destination_concurrency_limit for -# most delivery transports. For the local delivery agent the default is 2. 
- -local_destination_concurrency_limit = {{ postfix_local_dest_concurrency_limit }} -default_destination_concurrency_limit = {{ postfix_default_destination_concurrency_limit }} - -# DEBUGGING CONTROL -# -# The debug_peer_level parameter specifies the increment in verbose -# logging level when an SMTP client or server host name or address -# matches a pattern in the debug_peer_list parameter. -# -debug_peer_level = 2 - -# The debug_peer_list parameter specifies an optional list of domain -# or network patterns, /file/name patterns or type:name tables. When -# an SMTP client or server host name or address matches a pattern, -# increase the verbose logging level by the amount specified in the -# debug_peer_level parameter. -# -#debug_peer_list = 127.0.0.1 -#debug_peer_list = some.domain - -# The debugger_command specifies the external command that is executed -# when a Postfix daemon program is run with the -D option. -# -# Use "command .. & sleep 5" so that the debugger can attach before -# the process marches on. If you use an X-based debugger, be sure to -# set up your XAUTHORITY environment variable before starting Postfix. -# -#debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin -# ddd $daemon_directory/$process_name $process_id & sleep 5 - -# If you can't use X, use this to capture the call stack when a -# daemon crashes. The result is in a file in the configuration -# directory, and is named after the process name and the process ID. -# -# debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; -# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 -# >$config_directory/$process_name.$process_id.log & sleep 5 -# -# Another possibility is to run gdb under a detached screen session. -# To attach to the screen sesssion, su root and run "screen -r -# " where uniquely matches one of the detached -# sessions (from "screen -list"). 
-# -# debugger_command = -# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen -# -dmS $process_name gdb $daemon_directory/$process_name -# $process_id & sleep 1 - -# INSTALL-TIME CONFIGURATION INFORMATION -# -# The following parameters are used when installing a new Postfix version. -# -# sendmail_path: The full pathname of the Postfix sendmail command. -# This is the Sendmail-compatible mail posting interface. -# -sendmail_path = /usr/sbin/sendmail.postfix - -# newaliases_path: The full pathname of the Postfix newaliases command. -# This is the Sendmail-compatible command to build alias databases. -# -newaliases_path = /usr/bin/newaliases.postfix - -# mailq_path: The full pathname of the Postfix mailq command. This -# is the Sendmail-compatible mail queue listing command. -# -mailq_path = /usr/bin/mailq.postfix - -# setgid_group: The group for mail submission and queue management -# commands. This must be a group name with a numerical group ID that -# is not shared with other accounts, not even with the Postfix account. -# -setgid_group = postdrop - -# html_directory: The location of the Postfix HTML documentation. -# -html_directory = no - -# manpage_directory: The location of the Postfix on-line manual pages. -# -manpage_directory = /usr/share/man - -# readme_directory: The location of the Postfix README files. 
-# -readme_directory = no - -# TLS parameters -{% if letsencrypt_acme_install is defined %} -{% if postfix_use_letsencrypt %} -smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain -smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/fullchain -smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey -{% else %} -smtpd_tls_CAfile=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -{% endif %} -{% endif %} -{% if letsencrypt_acme_install is not defined %} -smtpd_tls_CAfile=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -{% endif %} -{% if postfix_tls_encryption_level == 'intermediate' %} -# 2019-12-11, https://ssl-config.mozilla.org/#server=postfix&server-version=2.10.1&config=intermediate&openssl-version=1.0.2k -smtpd_use_tls = yes -smtpd_tls_security_level = {{ postfix_smtpd_tls_security_level }} -{% if postfix_smtpd_server %} -smtpd_tls_auth_only = yes -{% endif %} -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtpd_tls_mandatory_ciphers = medium - -# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem -# not actually 1024 bits, this applies to all DHE >= 1024 bits -smtpd_tls_dh1024_param_file = {{ postfix_tls_dhparam_file }} - -tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 -tls_preempt_cipherlist = no - -{% elif postfix_tls_encryption_level == 'old' %} -# 2019-12-11, https://ssl-config.mozilla.org/#server=postfix&server-version=2.10.1&config=old&openssl-version=1.0.2k -smtpd_use_tls = yes -smtpd_tls_security_level = {{ 
postfix_smtpd_tls_security_level }} -{% if postfix_smtpd_server %} -smtpd_tls_auth_only = yes -{% endif %} -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 -smtpd_tls_protocols = !SSLv2, !SSLv3 -smtpd_tls_mandatory_ciphers = medium - -# openssl dhparam 1024 > /path/to/dhparam.pem -# not actually 1024 bits, this applies to all DHE >= 1024 bits -smtpd_tls_dh1024_param_file = {{ postfix_tls_dhparam_file }} - -tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA -tls_preempt_cipherlist = yes -{% endif %} -# Server -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -# Client -smtp_tls_security_level = {{ postfix_smtp_tls_security_level }} -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache -{% if ansible_distribution_file_variety == "Debian" %} -{% if ansible_distribution_version is version_compare('18.04', '>=') %} -compatibility_level=2 -{% endif %} -{% endif %} diff --git a/library/roles/postfix/templates/master.cf.j2 b/library/roles/postfix/templates/master.cf.j2 deleted file mode 100644 index 2fc6f16..0000000 --- a/library/roles/postfix/templates/master.cf.j2 +++ /dev/null 
@@ -1,147 +0,0 @@ -# -# Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master"). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) -# ========================================================================== -{% if postfix_smtpd_server %} -smtp inet n - n - - smtpd -{% endif %} -#smtp inet n - n - 1 postscreen -#smtpd pass - - n - - smtpd -#dnsblog unix - - n - 0 dnsblog -#tlsproxy unix - - n - 0 tlsproxy -{% if postfix_submission_server %} -submission inet n - n - - smtpd - -o syslog_name=postfix/submission - -o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }} -{% if postfix_use_letsencrypt %} - -o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain - -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert - -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey -{% endif %} - -o smtpd_sasl_auth_enable=yes - -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions - -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -{% if postfix_behind_haproxy %} - -o smtpd_upstream_proxy_protocol=haproxy -{% endif %} - -o milter_macro_daemon_name=ORIGINATING -smtps inet n - n - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes -{% if postfix_use_letsencrypt %} - -o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain - -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert - -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey -{% endif %} -{% if postfix_behind_haproxy %} - -o smtpd_upstream_proxy_protocol=haproxy -{% endif %} - -o 
smtpd_sasl_auth_enable=yes - -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions - -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING -{% endif %} -#628 inet n - n - - qmqpd -pickup unix n - n 60 1 pickup -cleanup unix n - n - 0 cleanup -qmgr unix n - n 300 1 qmgr -#qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - n 1000? 1 tlsmgr -rewrite unix - - n - - trivial-rewrite -bounce unix - - n - 0 bounce -defer unix - - n - 0 bounce -trace unix - - n - 0 bounce -verify unix - - n - 1 verify -flush unix n - n 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - n - - smtp -relay unix - - n - - smtp -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - n - - showq -error unix - - n - - error -retry unix - - n - - error -discard unix - - n - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - - - - lmtp -anvil unix - - n - 1 anvil -scache unix - - n - 1 scache -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. 
-# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -#maildrop unix - n n - - pipe -# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. -# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -#uucp unix - n n - - pipe -# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# ==================================================================== -# -# Other external delivery methods. -# -#ifmail unix - n n - - pipe -# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -# -#bsmtp unix - n n - - pipe -# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient -# -#scalemail-backend unix - n n - 2 pipe -# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store -# ${nexthop} ${user} ${extension} -# -#mailman unix - n n - - pipe -# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py -# ${nexthop} ${user} 
diff --git a/library/roles/postfix/templates/network_table.j2 b/library/roles/postfix/templates/network_table.j2 deleted file mode 100644 index 355d1cb..0000000 --- a/library/roles/postfix/templates/network_table.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for net in postfix_mynetworks_data %} -{{ net }} OK -{% endfor %} diff --git a/library/roles/postfix/templates/postfix-letsencrypt-hook b/library/roles/postfix/templates/postfix-letsencrypt-hook deleted file mode 100644 index c0a5a45..0000000 --- a/library/roles/postfix/templates/postfix-letsencrypt-hook +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -LE_LOG_DIR=/var/log/acme -DATE=$( date ) - -[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR -echo "$DATE" >> $LE_LOG_DIR/postfix.log - -echo "Reload the postfix service" >> $LE_LOG_DIR/postfix.log -if [ -x /bin/systemctl ] ; then - systemctl reload postfix >> $LE_LOG_DIR/postfix.log 2>&1 -else - service postfix reload >> $LE_LOG_DIR/postfix.log 2>&1 -fi - -echo "Done." >> $LE_LOG_DIR/postfix.log - -exit 0 \ No newline at end of file diff --git a/library/roles/postfix/templates/postfix-nrpe.cfg.j2 b/library/roles/postfix/templates/postfix-nrpe.cfg.j2 deleted file mode 100644 index 65d2fdc..0000000 --- a/library/roles/postfix/templates/postfix-nrpe.cfg.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# Postfix mailq -command[postfix_check_mailqueue]=/usr/bin/sudo {{ nagios_plugins_dir }}/check_postfix_mailqueue -w {{ nagios_postfix_mailq_w }} -c {{ nagios_postfix_mailq_c }} -# Postfix processed -command[postfix_check_processed]=/usr/bin/sudo {{ nagios_plugins_dir }}/check_postfix_processed -w {{ nagios_postfix_processed_w }} -c {{ nagios_postfix_processed_c }} diff --git a/library/roles/postfix/templates/sasl_passwd.j2 b/library/roles/postfix/templates/sasl_passwd.j2 deleted file mode 100644 index 446cc24..0000000 --- a/library/roles/postfix/templates/sasl_passwd.j2 +++ /dev/null 
@@ -1 +0,0 @@ -{{ postfix_relay_host }}:{{ postfix_relay_port }} {{ postfix_smtp_relay_user }}:{{ postfix_smtp_relay_pwd }} diff --git a/library/roles/postfix/templates/saslauthd.conf.j2 b/library/roles/postfix/templates/saslauthd.conf.j2 deleted file mode 100644 index f6c4938..0000000 --- a/library/roles/postfix/templates/saslauthd.conf.j2 +++ /dev/null @@ -1,14 +0,0 @@ -ldap_servers: {{ postfix_sasl_ldap_servers }} -ldap_bind_dn: {{ postfix_sasl_ldap_bind_dn }} -ldap_bind_pw: {{ postfix_sasl_ldap_bind_pw }} -ldap_timeout: {{ postfix_sasl_ldap_timeout }} -ldap_time_limit: {{ postfix_sasl_ldap_time_limit }} -ldap_scope: {{ postfix_sasl_ldap_scope }} -ldap_search_base: {{ postfix_sasl_ldap_search_base }} -ldap_auth_method: {{ postfix_sasl_ldap_auth_method }} -ldap_filter: {{ postfix_sasl_ldap_filter }} -ldap_debug: {{ postfix_sasl_ldap_debug }} -ldap_verbose: {{ postfix_sasl_ldap_verbose }} -ldap_ssl: {{ postfix_sasl_ldap_ssl }} -ldap_starttls: {{ postfix_sasl_ldap_starttls }} -ldap_referrals: {{ postfix_sasl_ldap_referrals }} diff --git a/library/roles/postfix/templates/saslauthd.sysconfig.j2 b/library/roles/postfix/templates/saslauthd.sysconfig.j2 deleted file mode 100644 index 7d6b141..0000000 --- a/library/roles/postfix/templates/saslauthd.sysconfig.j2 +++ /dev/null @@ -1,11 +0,0 @@ -# Directory in which to place saslauthd's listening socket, pid file, and so -# on. This directory must already exist. -SOCKETDIR=/run/saslauthd - -# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list -# of which mechanism your installation was compiled with the ablity to use. -MECH="{{ postfix_saslauthd_mech }}" - -# Additional flags to pass to saslauthd on the command line. See saslauthd(8) -# for the list of accepted flags. -FLAGS={{ postfix_saslauthd_flags }} diff --git a/library/roles/postfix/templates/transport.j2 b/library/roles/postfix/templates/transport.j2 deleted file mode 100644 index c84f3bf..0000000 
--- a/library/roles/postfix/templates/transport.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-{% for map in postfix_transport_data %}
-{{ map.domain }} {{ map.action }}
-{% endfor %}
diff --git a/library/roles/postfix/templates/virtual_domains.j2 b/library/roles/postfix/templates/virtual_domains.j2
deleted file mode 100644
index bbb8260..0000000
--- a/library/roles/postfix/templates/virtual_domains.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-{% if postfix_virtual_domains | bool %}
-{% for dom in postfix_virtual_alias_domains_data %}
-{{ dom.domain }} OK
-{% endfor %}
-{% elif postfix_virtual_addresses | bool %}
-{% for dom in postfix_virtual_mailbox_domains_data %}
-{{ dom.domain }} OK
-{% endfor %}
-{% else %}
-localdomain OK
-{% endif %}