Manage the smtp and submission configurations with different variables.
parent
ba319f76a5
commit
ad4ed35212
|
@ -44,9 +44,9 @@ postfix_smtp_relay_user: '{{ ansible_fqdn }}'
|
||||||
# This one has to be set inside a vault file
|
# This one has to be set inside a vault file
|
||||||
#postfix_smtp_relay_pwd: 'set_you_password_here_in_a_vault_encrypted_file'
|
#postfix_smtp_relay_pwd: 'set_you_password_here_in_a_vault_encrypted_file'
|
||||||
postfix_smtpd_reject_unknown_helo_hostname: False
|
postfix_smtpd_reject_unknown_helo_hostname: False
|
||||||
|
postfix_reject_unknown_sender_domain: True
|
||||||
#############################################################################
|
#############################################################################
|
||||||
# Relay server: accept authenticated clients
|
# Relay server: accepts authenticated clients
|
||||||
#############################################################################
|
#############################################################################
|
||||||
postfix_relay_server: False
|
postfix_relay_server: False
|
||||||
#
|
#
|
||||||
|
@ -62,6 +62,10 @@ postfix_milter_action: tempfail
|
||||||
# SMTP server that not accept authenticated clients.
|
# SMTP server that not accept authenticated clients.
|
||||||
#############################################################################
|
#############################################################################
|
||||||
postfix_smtpd_server: False
|
postfix_smtpd_server: False
|
||||||
|
#############################################################################
|
||||||
|
# SMTP submission server: accepts authenticated clients
|
||||||
|
#############################################################################
|
||||||
|
postfix_submission_server: False
|
||||||
###########################################################################################
|
###########################################################################################
|
||||||
# The following options are used when acting as a relay or as a general purpose SMTP server
|
# The following options are used when acting as a relay or as a general purpose SMTP server
|
||||||
###########################################################################################
|
###########################################################################################
|
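Review bot: `postfix_reject_unknown_sender_domain: True` is added without a comment, and the template change in this commit also reads `postfix_behind_haproxy`, for which no default is added in the hunks shown here (it may already be defined outside them). I would document the first with `# Reject mail whose sender domain does not resolve (drives smtpd_sender_restrictions)`. If the second is indeed missing, add `postfix_behind_haproxy: False` next to `postfix_submission_server` so that rendering does not fail on an undefined variable.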
||||||
|
|
|
@ -39,7 +39,7 @@
|
||||||
register: postfix_network_table_status
|
register: postfix_network_table_status
|
||||||
|
|
||||||
when: postfix_install_packages | bool
|
when: postfix_install_packages | bool
|
||||||
tags: postfix
|
tags: [ 'postfix', 'postfix_conf' ]
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Ensure that postfix is started and enabled
|
- name: Ensure that postfix is started and enabled
|
||||||
|
@ -56,7 +56,7 @@
|
||||||
when:
|
when:
|
||||||
- postfix_install_packages | bool
|
- postfix_install_packages | bool
|
||||||
- postfix_enabled | bool
|
- postfix_enabled | bool
|
||||||
tags: postfix
|
tags: [ 'postfix', 'postfix_conf' ]
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Ensure that postfix is stopped and disabled
|
- name: Ensure that postfix is stopped and disabled
|
||||||
|
|
|
@ -486,6 +486,8 @@ virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }}
|
||||||
virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %}
|
virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %}
|
||||||
|
|
||||||
virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %}
|
virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %}
|
||||||
|
|
||||||
|
virtual_mailbox_limit = {{ postfix_message_size_limit }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# The luser_relay parameter specifies an optional destination address
|
# The luser_relay parameter specifies an optional destination address
|
||||||
|
@ -536,6 +538,7 @@ smtpd_delay_reject = yes
|
||||||
smtpd_helo_required = yes
|
smtpd_helo_required = yes
|
||||||
|
|
||||||
mailbox_size_limit = {{ postfix_message_size_limit }}
|
mailbox_size_limit = {{ postfix_message_size_limit }}
|
||||||
|
message_size_limit = {{ postfix_message_size_limit }}
|
||||||
|
|
||||||
{% if postfix_use_milter %}
|
{% if postfix_use_milter %}
|
||||||
#
|
#
|
||||||
|
@ -563,27 +566,37 @@ smtpd_milters =
|
||||||
smtpd_client_restrictions =
|
smtpd_client_restrictions =
|
||||||
permit_mynetworks
|
permit_mynetworks
|
||||||
permit_inet_interfaces
|
permit_inet_interfaces
|
||||||
|
{% if postfix_submission_server %}
|
||||||
|
permit_sasl_authenticated
|
||||||
|
{% endif %}
|
||||||
|
reject
|
||||||
|
{% if postfix_submission_server %}
|
||||||
smtpd_sasl_path = smtpd
|
smtpd_sasl_path = smtpd
|
||||||
smtpd_sasl_auth_enable = yes
|
smtpd_sasl_auth_enable = yes
|
||||||
smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
|
smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
|
||||||
smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
|
smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
|
||||||
smtpd_sasl_authenticated_header = yes
|
smtpd_sasl_authenticated_header = yes
|
||||||
broken_sasl_auth_clients = yes
|
broken_sasl_auth_clients = yes
|
||||||
smtpd_helo_required = yes
|
# Block clients that speak too early.
|
||||||
|
smtpd_data_restrictions = reject_unauth_pipelining
|
||||||
|
{% endif %}
|
||||||
{% if postfix_smtpd_reject_unknown_helo_hostname %}
|
{% if postfix_smtpd_reject_unknown_helo_hostname %}
|
||||||
# Don't talk to mail systems that don't know their own hostname. Use with care: it breaks most dialup setups
|
# Don't talk to mail systems that don't know their own hostname. Use with care: it breaks most dialup setups
|
||||||
smtpd_helo_restrictions = reject_unknown_helo_hostname
|
smtpd_helo_restrictions = reject_unknown_helo_hostname
|
||||||
{% endif %}
|
{% endif %}
|
||||||
# Block clients that speak too early.
|
{% if postfix_reject_unknown_sender_domain %}
|
||||||
smtpd_data_restrictions = reject_unauth_pipelining
|
|
||||||
# Our internal servers talk to the submission port so they are treated as clients
|
|
||||||
smtpd_client_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject
|
|
||||||
# Don't accept mail from domains that don't exist.
|
# Don't accept mail from domains that don't exist.
|
||||||
smtpd_sender_restrictions = reject_unknown_sender_domain
|
smtpd_sender_restrictions = reject_unknown_sender_domain
|
||||||
|
{% endif %}
|
||||||
|
{% if postfix_submission_server %}
|
||||||
# Relay control: local clients and
|
# Relay control: local clients and
|
||||||
# authenticated clients may specify any destination domain.
|
# authenticated clients may specify any destination domain.
|
||||||
smtpd_relay_restrictions = permit_sasl_authenticated, reject
|
smtpd_relay_restrictions = permit_sasl_authenticated, reject
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if postfix_behind_haproxy %}
|
||||||
|
smtpd_upstream_proxy_protocol=haproxy
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# FAST ETRN SERVICE
|
# FAST ETRN SERVICE
|
||||||
#
|
#
|
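Review bot: `smtpd_upstream_proxy_protocol=haproxy` is added to main.cf, so when `postfix_behind_haproxy` is true every smtpd listener takes the client address from the PROXY header, and the `permit_mynetworks` entry at the top of `smtpd_client_restrictions` in the same hunk then authorizes on that proxy-supplied address. That is only sound if nothing but the proxy can reach those ports. I would set it per service in master.cf instead, as `-o smtpd_upstream_proxy_protocol=haproxy` on the listener haproxy fronts, with a comment such as `# Listener must be reachable only from the haproxy hosts`. Separately, `smtpd_data_restrictions = reject_unauth_pipelining` now appears to sit inside the `{% if postfix_submission_server %}` block, so a host with only `postfix_smtpd_server` enabled would lose that check. The old and new sides are inferred from the rendered layout, and the enclosing conditional opens outside this hunk.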
||||||
|
|
|
@ -8,12 +8,14 @@
|
||||||
# service type private unpriv chroot wakeup maxproc command + args
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
# (yes) (yes) (yes) (never) (100)
|
# (yes) (yes) (yes) (never) (100)
|
||||||
# ==========================================================================
|
# ==========================================================================
|
||||||
|
{% if postfix_smtpd_server %}
|
||||||
smtp inet n - n - - smtpd
|
smtp inet n - n - - smtpd
|
||||||
|
{% endif %}
|
||||||
#smtp inet n - n - 1 postscreen
|
#smtp inet n - n - 1 postscreen
|
||||||
#smtpd pass - - n - - smtpd
|
#smtpd pass - - n - - smtpd
|
||||||
#dnsblog unix - - n - 0 dnsblog
|
#dnsblog unix - - n - 0 dnsblog
|
||||||
#tlsproxy unix - - n - 0 tlsproxy
|
#tlsproxy unix - - n - 0 tlsproxy
|
||||||
{% if postfix_smtpd_server %}
|
{% if postfix_submission_server %}
|
||||||
submission inet n - n - - smtpd
|
submission inet n - n - - smtpd
|
||||||
-o syslog_name=postfix/submission
|
-o syslog_name=postfix/submission
|
||||||
-o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
|
-o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
|
||||||
|
|