Manage the smtp and submission configurations with different variables.

Andrea Dell'Amico 2020-01-08 00:23:34 +01:00
parent ba319f76a5
commit ad4ed35212
4 changed files with 29 additions and 10 deletions


@ -44,9 +44,9 @@ postfix_smtp_relay_user: '{{ ansible_fqdn }}'
# This one has to be set inside a vault file
#postfix_smtp_relay_pwd: 'set_you_password_here_in_a_vault_encrypted_file'
postfix_smtpd_reject_unknown_helo_hostname: False
postfix_reject_unknown_sender_domain: True
#############################################################################
# Relay server: accept authenticated clients
# Relay server: accepts authenticated clients
#############################################################################
postfix_relay_server: False
#
@ -62,6 +62,10 @@ postfix_milter_action: tempfail
# SMTP server that not accept authenticated clients.
#############################################################################
postfix_smtpd_server: False
#############################################################################
# SMTP submission server: accepts authenticated clients
#############################################################################
postfix_submission_server: False
###########################################################################################
# The following options are used when acting as a relay or as a general purpose SMTP server
###########################################################################################
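Review bot: `postfix_submission_server` defaults to `False` under a comment that is almost word for word the one on `postfix_relay_server`, so a reader cannot tell what the flag controls or how it relates to `postfix_smtpd_server`. Going by the master.cf template changed in the same commit, the submission service appears to have been rendered under `postfix_smtpd_server` before, so an inventory that sets only that variable would stop listening on the submission port after this change. I would extend the comment to something like `# SMTP submission server: enables the 'submission' service in master.cf and the smtpd_sasl_* settings in main.cf. Independent of postfix_smtpd_server.` and mention the migration step in the role's documentation.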


@ -39,7 +39,7 @@
register: postfix_network_table_status
when: postfix_install_packages | bool
tags: postfix
tags: [ 'postfix', 'postfix_conf' ]
- block:
- name: Ensure that postfix is started and enabled
@ -56,7 +56,7 @@
when:
- postfix_install_packages | bool
- postfix_enabled | bool
tags: postfix
tags: [ 'postfix', 'postfix_conf' ]
- block:
- name: Ensure that postfix is stopped and disabled


@ -486,6 +486,8 @@ virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }}
virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %}
virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %}
virtual_mailbox_limit = {{ postfix_message_size_limit }}
{% endif %}
# The luser_relay parameter specifies an optional destination address
@ -536,6 +538,7 @@ smtpd_delay_reject = yes
smtpd_helo_required = yes
mailbox_size_limit = {{ postfix_message_size_limit }}
message_size_limit = {{ postfix_message_size_limit }}
{% if postfix_use_milter %}
#
@ -563,27 +566,37 @@ smtpd_milters =
smtpd_client_restrictions =
permit_mynetworks
permit_inet_interfaces
{% if postfix_submission_server %}
permit_sasl_authenticated
{% endif %}
reject
{% if postfix_submission_server %}
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
{% endif %}
{% if postfix_smtpd_reject_unknown_helo_hostname %}
# Don't talk to mail systems that don't know their own hostname. Use with care: it breaks most dialup setups
smtpd_helo_restrictions = reject_unknown_helo_hostname
{% endif %}
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Our internal servers talk to the submission port so they are treated as clients
smtpd_client_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject
{% if postfix_reject_unknown_sender_domain %}
# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain
{% endif %}
{% if postfix_submission_server %}
# Relay control: local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_sasl_authenticated, reject
{% endif %}
{% if postfix_behind_haproxy %}
smtpd_upstream_proxy_protocol=haproxy
{% endif %}
{% endif %}
# FAST ETRN SERVICE
#
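Review bot: The `smtpd_sasl_*` settings in the last hunk are written to main.cf, so when `postfix_submission_server` is true `smtpd_sasl_auth_enable = yes` applies to every smtpd listener, including the port 25 `smtp` service when `postfix_smtpd_server` is also set, not only to submission. That offers AUTH on the public port, where it can be used for password guessing, and unless `smtpd_tls_auth_only` is set in a part of the template not shown here, credentials can be sent before STARTTLS. Since the commit's aim is to separate the two services, I would keep `smtpd_sasl_auth_enable = no` in main.cf and pass `-o smtpd_sasl_auth_enable=yes` on the `submission` entry in master.cf. Separately, the page does not mark old and new lines, but `smtpd_data_restrictions = reject_unauth_pipelining` appears to have moved inside the `postfix_submission_server` block; if so, a plain SMTP server no longer gets that check and the line should stay outside the conditional.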


@ -8,12 +8,14 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
{% if postfix_smtpd_server %}
smtp inet n - n - - smtpd
{% endif %}
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
{% if postfix_smtpd_server %}
{% if postfix_submission_server %}
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
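Review bot: The `submission` service is now switched on by its own variable but still takes its TLS level from `postfix_smtpd_tls_security_level`, which by its name is shared with the port 25 listener. If that variable is set to `may`, the usual choice for a server that receives mail from other MTAs, authenticated submission would accept sessions without TLS. For this service I would pin `-o smtpd_tls_security_level=encrypt` and add `-o smtpd_tls_auth_only=yes`, or use a submission-specific variable that defaults to `encrypt`. The remaining `-o` lines of the entry are outside the hunk, so part of this may already be in place.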