From 426c10d3f5c69e4a0fdcd313d830d8a2fa272164 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 21 Mar 2019 19:37:35 +0100 Subject: [PATCH] Adapt the postfix role so that it can be used on both debian and RH based distributions. --- postfix-relay/defaults/main.yml | 16 ++++++ postfix-relay/meta/main.yml | 4 +- postfix-relay/tasks/smtp-common-packages.yml | 52 +++++++++++--------- postfix-relay/templates/main.cf.j2 | 23 +++++---- 4 files changed, 59 insertions(+), 36 deletions(-) diff --git a/postfix-relay/defaults/main.yml b/postfix-relay/defaults/main.yml index eceb23bb..9b7d549f 100644 --- a/postfix-relay/defaults/main.yml +++ b/postfix-relay/defaults/main.yml @@ -1,6 +1,17 @@ --- postfix_enabled: True postfix_install_packages: True + +postfix_relay_rh_pkgs: + - postfix + - cyrus-sasl-lib + - cyrus-sasl-plain + - cyrus-sasl-md5 + +postfix_relay_deb_pkgs: + - postfix + - libsasl2-2 + # Set it to true when you want configure your machine to send email to a relay postfix_relay_client: False postfix_biff: "no" @@ -15,6 +26,11 @@ postfix_smtp_tls_security_level: encrypt postfix_use_sasl_auth: True postfix_smtp_sasl_auth_enable: "yes" postfix_smtp_create_relay_user: True +# Options: noanonymous, noplaintext +postfix_smtp_sasl_security_options: noanonymous +postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}' +postfix_smtp_sasl_mechanism_filter: plain, login + # Set it in the local rules #postfix_relay_host: smtp-relay.example.com postfix_relay_port: 587 diff --git a/postfix-relay/meta/main.yml b/postfix-relay/meta/main.yml index 51ba52dd..5fae87e8 100644 --- a/postfix-relay/meta/main.yml +++ b/postfix-relay/meta/main.yml @@ -1,3 +1,3 @@ --- -dependencies: - - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled } +#dependencies: +# - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled } 
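Review bot: The new comment `# Options: noanonymous, noplaintext` in the second defaults/main.yml hunk does not say that `postfix_smtp_sasl_tls_security_options` inherits whatever is set in `postfix_smtp_sasl_security_options`. An operator who tightens the latter to `noplaintext` therefore also forbids plaintext mechanisms inside TLS, while `postfix_smtp_sasl_mechanism_filter` still permits only `plain, login`, which as far as I can tell leaves no usable mechanism and breaks relay authentication. PLAIN and LOGIN are acceptable here only because `postfix_smtp_tls_security_level: encrypt` (visible in the hunk header context) forces TLS. I would extend the comment to something like `# plain/login are only sent over TLS (postfix_smtp_tls_security_level: encrypt); if you set noplaintext here, also override postfix_smtp_sasl_tls_security_options and postfix_smtp_sasl_mechanism_filter`.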
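Review bot: With the nagios role dependency commented out in meta/main.yml, nothing in this role guarantees that `nagios_plugins_dir`, `nrpe_include_dir`, the `nagios` group or the `Reload NRPE server` handler exist. The NRPE block in tasks/smtp-common-packages.yml still uses all of them when `postfix_nagios_check` is true. If those come from the nagios role (not visible here), a play that enables the check without applying that role first will fail on undefined variables or a missing handler. I would delete the two lines rather than leave them commented, and replace them with a note such as `# The nagios role is no longer pulled in automatically; apply it before enabling postfix_nagios_check`.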
diff --git a/postfix-relay/tasks/smtp-common-packages.yml b/postfix-relay/tasks/smtp-common-packages.yml index a07eb470..f5b186cf 100644 --- a/postfix-relay/tasks/smtp-common-packages.yml +++ b/postfix-relay/tasks/smtp-common-packages.yml @@ -1,11 +1,16 @@ --- - block: + - name: Install postfix and libsas to do mail relay on deb systems + apt: pkg={{ postfix_relay_deb_pkgs }} state=present update_cache=yes cache_valid_time=1800 + when: ansible_distribution_file_variety == "Debian" - - name: Install postfix and libsas to do mail relay - action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800 - with_items: - - postfix - - libsasl2-2 + - name: Install postfix and libsas to do mail relay on RH systems + yum: pkg={{ postfix_relay_rh_pkgs }} state=present + when: ansible_distribution_file_variety == "RedHat" + + - name: Remove the ssmtp package on RH systems + yum: pkg=ssmtp state=absent + when: ansible_distribution_file_variety == "RedHat" - name: Write the postfix main configuration file template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444 @@ -15,18 +20,6 @@ template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444 notify: Restart postfix - - name: Install the postfix NRPE nagios check - copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555 - with_items: '{{ postfix_nagios_checks }}' - when: postfix_nagios_check - tags: [ 'postfix-relay', 'nagios', 'nrpe' ] - - - name: Install the postfix NRPE command configuration - template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444 - notify: Reload NRPE server - when: postfix_nagios_check - tags: [ 'postfix-relay', 'nagios', 'nrpe' ] - - name: Ensure that postfix is started and enabled service: name=postfix state=started enabled=yes when: postfix_enabled 
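Review bot: A host whose `ansible_distribution_file_variety` is neither "Debian" nor "RedHat" silently skips both install tasks in the first hunk. The block then carries on to template /etc/postfix/main.cf (the context lines at the end of the hunk) with no postfix package installed, so the failure would likely surface later with a less obvious error. A guard at the top of the block makes the supported set explicit, for example `- assert: { that: "ansible_distribution_file_variety in ['Debian', 'RedHat']" }`. The block continues past the end of this hunk.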
@@ -39,12 +32,27 @@ tags: postfix-relay - block: + - name: Install the postfix NRPE nagios check + copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555 + with_items: '{{ postfix_nagios_checks }}' - - name: Remove postfix and libsas - action: apt pkg={{ item }} state=absent - with_items: - - postfix - - libsasl2-2 + - name: Install the postfix NRPE command configuration + template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444 + notify: Reload NRPE server + + when: + - postfix_install_packages + - postfix_nagios_check + tags: [ 'postfix-relay', 'nagios', 'nrpe' ] + +- block: + - name: Remove postfix and libsas on deb systems + action: apt pkg={{ postfix_relay_deb_pkgs }} state=absent + when: ansible_distribution_file_variety == "Debian" + + - name: Remove postfix and libsas to do mail relay on RH systems + yum: pkg={{ postfix_relay_rh_pkgs }} state=absent + when: ansible_distribution_file_variety == "RedHat" when: not postfix_install_packages tags: postfix-relay diff --git a/postfix-relay/templates/main.cf.j2 b/postfix-relay/templates/main.cf.j2 index d9341502..a95cfb24 100644 --- a/postfix-relay/templates/main.cf.j2 +++ b/postfix-relay/templates/main.cf.j2 @@ -1,8 +1,3 @@ -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - smtpd_banner = $myhostname ESMTP $mail_name biff = {{ postfix_biff }} 
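Review bot: The uninstall block reuses the install lists, so on RH systems `yum: pkg={{ postfix_relay_rh_pkgs }} state=absent` is asked to remove `cyrus-sasl-lib`. That is a shared library package which other packages commonly depend on, so depending on what is installed yum either removes the dependents as well or refuses; this is worth confirming on a test host. The same applies to `libsasl2-2` on Debian, which the old code already removed. I would limit removal to what the role owns, e.g. `yum: pkg=postfix state=absent`, or introduce separate removal lists. As a smaller point, the Debian removal task still uses `action: apt ...` while the other tasks in this file now call the module directly.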
@@ -45,14 +40,18 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache myhostname = {{ ansible_fqdn }} alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases -myorigin = /etc/mailname +{% if domain_name is defined %} +myorigin = {{ domain_name }} +{% else %} +myorigin = {{ ansible_fqdn }} +{% endif %} mydestination = {{ ansible_fqdn }}, localhost {% if postfix_use_relay_host %} relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }} {% endif %} {% if not postfix_relay_server %} mynetworks = 127.0.0.1 -inet_interfaces = localhost, ip6-localhost +inet_interfaces = localhost inet_protocols = ipv4 {% endif %} mailbox_size_limit = 0 @@ -61,15 +60,15 @@ default_destination_concurrency_limit = {{ postfix_default_destination_concurren {% if postfix_use_sasl_auth %} smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }} smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd -smtp_sasl_security_options = noanonymous -smtp_sasl_tls_security_options = noanonymous -smtp_sasl_mechanism_filter = plain, login +smtp_sasl_security_options = {{ postfix_smtp_sasl_security_options }} +smtp_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }} +smtp_sasl_mechanism_filter = {{ postfix_smtp_sasl_mechanism_filter }} {% endif %} {% if postfix_relay_server %} smtpd_sasl_path = smtpd smtpd_sasl_auth_enable = yes -smtpd_sasl_security_options = noanonymous -smtpd_sasl_tls_security_options = noanonymous +smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }} +smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }} smtpd_helo_required = yes mynetworks = {{ postfix_mynetworks }} inet_interfaces = {{ postfix_interfaces }}
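Review bot: When `domain_name` is defined, `myorigin` becomes the bare domain while `mydestination` on the next line still lists only `{{ ansible_fqdn }}, localhost`. Unqualified local recipients such as root or cron output are then rewritten to user@domain_name and handed to the relay instead of being delivered locally. That may be intended for a relay client, but it means system mail leaves the host, and it is triggered by a generic, un-prefixed variable that another role could set. I would document it in the template, e.g. `{# with domain_name set, unqualified local mail is addressed to @domain_name and relayed; mydestination is unchanged #}`, and consider a role-scoped variable such as `postfix_myorigin` (a new name) instead of `domain_name`.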
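Review bot: In the last hunk the server-side `smtpd_sasl_security_options` and `smtpd_sasl_tls_security_options` are rendered from the client variables `postfix_smtp_sasl_security_options` and `postfix_smtp_sasl_tls_security_options`. The authentication policy the relay server accepts therefore changes whenever someone tunes the outbound client settings, whereas before both were fixed at `noanonymous`. Dedicated variables would keep the two sides independent, e.g. `smtpd_sasl_security_options = {{ postfix_smtpd_sasl_security_options | default('noanonymous') }}` and the same pattern for the TLS option (these variable names are new). The `{% if postfix_relay_server %}` block continues beyond the end of the hunk.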