ansible-roles/library/roles/postfix/defaults/main.yml

---
postfix_enabled: True
postfix_install_packages: True

postfix_relay_rh_pkgs:
  - postfix
  - cyrus-sasl-lib
  - cyrus-sasl-plain
  - cyrus-sasl-md5

postfix_relay_deb_pkgs:
  - postfix
  - libsasl2-2

#############################################################################
# Set them to true when you want configure your machine to send email to a relay
#############################################################################
postfix_relay_client: False
postfix_use_relay_host: '{{ postfix_relay_client }}'
postfix_biff: "no"
postfix_append_dot_mydomain: "no"

postfix_use_letsencrypt: False
# Accepted values: none, may, encrypt
postfix_smtpd_tls_security_level: encrypt
# Accepted values: none, may, encrypt, fingerprint, verify, secure. And from 2.11: dane, dane-only
postfix_smtp_tls_security_level: encrypt
postfix_use_sasl_auth: True
postfix_smtp_sasl_auth_enable: "yes"
postfix_smtp_create_relay_user: True
# Options: noanonymous, noplaintext
postfix_smtp_sasl_security_options: noanonymous
postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
postfix_smtp_sasl_mechanism_filter: plain, login

# Set it in your vars files
#postfix_relay_host: smtp-relay.example.com
postfix_relay_port: 587
#postfix_smtp_relay_user: smtp-user
postfix_smtp_relay_user: '{{ ansible_fqdn }}'
# This one has to be set inside a vault file
#postfix_smtp_relay_pwd: 'set_you_password_here_in_a_vault_encrypted_file'

#############################################################################
# Relay server: accept authenticated clients
#############################################################################
postfix_relay_server: False
#############################################################################
# SMTP server that not accept authenticated clients. 
#############################################################################
postfix_smtpd_server: False
###########################################################################################
# The following options are used when acting as a relay or as a general purpose SMTP server
###########################################################################################
postfix_use_inet_interfaces: False
postfix_inet_interfaces:
  - all
postfix_inet_protocols:
  - all
postfix_proxy_interfaces_enabled: False
postfix_proxy_interfaces:
  - 127.0.0.1
postfix_message_size_limit: 10240000

postfix_sasl_deb_packages:
  - sasl2-bin

postfix_sasl_rh_packages:
  - cyrus-sasl

postfix_use_domain_name: False
postfix_inet_lmtp_enabled: False
postfix_inet_lmtp_host: '127.0.0.1'
postfix_inet_lmtp_port: 24
postfix_delivery_soft_bounce: False
postfix_recipient_delimiter: '+'
postfix_local_recipients: False

postfix_mynetworks: hash:/etc/postfix/network_table
postfix_mynetworks_data:
  - '127.0.0.0/8'
  - '127.0.0.1'

postfix_alias_maps:
  - 'hash:/etc/aliases'

postfix_alias_databases: '{{ postfix_alias_maps }}'

postfix_virtual_addresses: False
postfix_virtual_mailbox_domains: 'hash:/etc/postfix/virtual_domains'
postfix_virtual_mailbox_maps:
  - 'hash:/etc/postfix/vmailbox_maps'

postfix_virtual_alias_maps:
  - 'hash:/etc/postfix/virtual'

postfix_local_dest_concurrency_limit: 2
postfix_default_destination_concurrency_limit: 5

postfix_behind_haproxy: False
postfix_postscreen_port: 1024

#
# Nagios monitoring
#
postfix_nagios_check: False
postfix_nagios_checks:
  - check_postfix_mailqueue
  - check_postfix_processed

nagios_postfix_mailq_w: 20
nagios_postfix_mailq_c: 50
nagios_postfix_processed_w: 50
nagios_postfix_processed_c: 150

postfix_firewalld_services:
  - { service: 'smtp', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
  - { service: 'smtps', state: 'enabled', zone: '{{ firewalld_default_zone }}'  }
  - { service: 'smtp-submission', state: 'enabled', zone: '{{ firewalld_default_zone }}'  }