Manage the smtp and submission configurations with different variables.
parent
ba319f76a5
commit
ad4ed35212
|
@ -44,9 +44,9 @@ postfix_smtp_relay_user: '{{ ansible_fqdn }}'
|
|||
# This one has to be set inside a vault file
|
||||
#postfix_smtp_relay_pwd: 'set_you_password_here_in_a_vault_encrypted_file'
|
||||
postfix_smtpd_reject_unknown_helo_hostname: False
|
||||
|
||||
postfix_reject_unknown_sender_domain: True
|
||||
#############################################################################
|
||||
# Relay server: accept authenticated clients
|
||||
# Relay server: accepts authenticated clients
|
||||
#############################################################################
|
||||
postfix_relay_server: False
|
||||
#
|
||||
|
@ -62,6 +62,10 @@ postfix_milter_action: tempfail
|
|||
# SMTP server that not accept authenticated clients.
|
||||
#############################################################################
|
||||
postfix_smtpd_server: False
|
||||
#############################################################################
|
||||
# SMTP submission server: accepts authenticated clients
|
||||
#############################################################################
|
||||
postfix_submission_server: False
|
||||
###########################################################################################
|
||||
# The following options are used when acting as a relay or as a general purpose SMTP server
|
||||
###########################################################################################
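Review bot: `postfix_submission_server` is introduced in the `@ -62,6 +62,10 @` hunk without saying what it switches on or how it combines with `postfix_smtpd_server` and `postfix_relay_server`. In this commit it gates the `submission inet` entry in the master.cf template and the `smtpd_sasl_*` and `smtpd_relay_restrictions` lines in the main.cf template. A comment above the variable such as `# Enables the submission listener in master.cf and the smtpd SASL settings in main.cf` would make that visible to whoever flips the flag. The banner `# The following options are used when acting as a relay or as a general purpose SMTP server` could also name the submission server, if those options apply to it.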
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
register: postfix_network_table_status
|
||||
|
||||
when: postfix_install_packages | bool
|
||||
tags: postfix
|
||||
tags: [ 'postfix', 'postfix_conf' ]
|
||||
|
||||
- block:
|
||||
- name: Ensure that postfix is started and enabled
|
||||
|
@ -56,7 +56,7 @@
|
|||
when:
|
||||
- postfix_install_packages | bool
|
||||
- postfix_enabled | bool
|
||||
tags: postfix
|
||||
tags: [ 'postfix', 'postfix_conf' ]
|
||||
|
||||
- block:
|
||||
- name: Ensure that postfix is stopped and disabled
|
||||
|
|
|
@ -486,6 +486,8 @@ virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }}
|
|||
virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %}
|
||||
|
||||
virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %}
|
||||
|
||||
virtual_mailbox_limit = {{ postfix_message_size_limit }}
|
||||
{% endif %}
|
||||
|
||||
# The luser_relay parameter specifies an optional destination address
|
||||
|
@ -536,6 +538,7 @@ smtpd_delay_reject = yes
|
|||
smtpd_helo_required = yes
|
||||
|
||||
mailbox_size_limit = {{ postfix_message_size_limit }}
|
||||
message_size_limit = {{ postfix_message_size_limit }}
|
||||
|
||||
{% if postfix_use_milter %}
|
||||
#
|
||||
|
@ -563,27 +566,37 @@ smtpd_milters =
|
|||
smtpd_client_restrictions =
|
||||
permit_mynetworks
|
||||
permit_inet_interfaces
|
||||
{% if postfix_submission_server %}
|
||||
permit_sasl_authenticated
|
||||
{% endif %}
|
||||
reject
|
||||
{% if postfix_submission_server %}
|
||||
smtpd_sasl_path = smtpd
|
||||
smtpd_sasl_auth_enable = yes
|
||||
smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
|
||||
smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
|
||||
smtpd_sasl_authenticated_header = yes
|
||||
broken_sasl_auth_clients = yes
|
||||
smtpd_helo_required = yes
|
||||
# Block clients that speak too early.
|
||||
smtpd_data_restrictions = reject_unauth_pipelining
|
||||
{% endif %}
|
||||
{% if postfix_smtpd_reject_unknown_helo_hostname %}
|
||||
# Don't talk to mail systems that don't know their own hostname. Use with care: it breaks most dialup setups
|
||||
smtpd_helo_restrictions = reject_unknown_helo_hostname
|
||||
{% endif %}
|
||||
# Block clients that speak too early.
|
||||
smtpd_data_restrictions = reject_unauth_pipelining
|
||||
# Our internal servers talk to the submission port so they are treated as clients
|
||||
smtpd_client_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject
|
||||
{% if postfix_reject_unknown_sender_domain %}
|
||||
# Don't accept mail from domains that don't exist.
|
||||
smtpd_sender_restrictions = reject_unknown_sender_domain
|
||||
{% endif %}
|
||||
{% if postfix_submission_server %}
|
||||
# Relay control: local clients and
|
||||
# authenticated clients may specify any destination domain.
|
||||
smtpd_relay_restrictions = permit_sasl_authenticated, reject
|
||||
{% endif %}
|
||||
{% if postfix_behind_haproxy %}
|
||||
smtpd_upstream_proxy_protocol=haproxy
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
# FAST ETRN SERVICE
|
||||
#
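Review bot: In the `@ -563,27 +566,37 @` hunk the SASL settings gated by `{% if postfix_submission_server %}` are written into main.cf, so they apply to every smtpd listener and not only to the submission service; with `postfix_smtpd_server` also true, the port 25 `smtp inet` service from master.cf would offer AUTH as well. Nothing visible in this hunk restricts AUTH to encrypted sessions, though `smtpd_tls_auth_only` may be set outside it. I would add `smtpd_tls_auth_only = yes` next to `smtpd_sasl_auth_enable = yes`, or leave main.cf without SASL and enable it per service with `-o smtpd_sasl_auth_enable=yes` under the submission entry. The comment above `smtpd_relay_restrictions` mentions local clients, but the value `permit_sasl_authenticated, reject` has no `permit_mynetworks`, so one of the two should be corrected. The enclosing `{% if %}` that the final `{% endif %}` closes starts outside the hunk.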
|
||||
|
|
|
@ -8,12 +8,14 @@
|
|||
# service type private unpriv chroot wakeup maxproc command + args
|
||||
# (yes) (yes) (yes) (never) (100)
|
||||
# ==========================================================================
|
||||
{% if postfix_smtpd_server %}
|
||||
smtp inet n - n - - smtpd
|
||||
{% endif %}
|
||||
#smtp inet n - n - 1 postscreen
|
||||
#smtpd pass - - n - - smtpd
|
||||
#dnsblog unix - - n - 0 dnsblog
|
||||
#tlsproxy unix - - n - 0 tlsproxy
|
||||
{% if postfix_smtpd_server %}
|
||||
{% if postfix_submission_server %}
|
||||
submission inet n - n - - smtpd
|
||||
-o syslog_name=postfix/submission
|
||||
-o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
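Review bot: The submission service takes its TLS level from `{{ postfix_smtpd_tls_security_level }}`, so whether credentials are protected on this port depends on a default that is not visible here. Since the listener is now enabled by `postfix_submission_server` alone, I would pin it for this service with `-o smtpd_tls_security_level=encrypt`, or add `-o smtpd_tls_auth_only=yes`, unless one of the `-o` lines below the hunk already does so. The `{% if postfix_submission_server %}` block closes outside the hunk.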
|
||||
|
|