Manage the transport and virtual_domains maps.

Andrea Dell'Amico 2020-01-24 13:03:07 +01:00
parent c036b0bf8b
commit d53b569189
7 changed files with 130 additions and 37 deletions


@ -62,6 +62,9 @@ postfix_milter_action: tempfail
# SMTP server that not accept authenticated clients. # SMTP server that not accept authenticated clients.
############################################################################# #############################################################################
postfix_smtpd_server: False postfix_smtpd_server: False
# SMTP server that routes emails coming from outside
#############################################################################
postfix_mx_server: False
############################################################################# #############################################################################
# SMTP submission server: accepts authenticated clients # SMTP submission server: accepts authenticated clients
############################################################################# #############################################################################
@ -106,12 +109,25 @@ postfix_sasl_ldap_referrals: no
# #
postfix_use_domain_name: False postfix_use_domain_name: False
postfix_inet_lmtp_enabled: False postfix_virtual_transport_enabled: False
postfix_inet_lmtp_host: '127.0.0.1' postfix_virtual_transport_protocol: 'lmtp'
postfix_inet_lmtp_port: 24 postfix_lmtp_protocol: 'inet'
postfix_lmtp_host: '127.0.0.1'
postfix_lmtp_port: 24
postfix_delivery_soft_bounce: False postfix_delivery_soft_bounce: False
postfix_recipient_delimiter: '+' postfix_recipient_delimiter: '+'
postfix_local_recipients: False postfix_local_recipients: False
postfix_transport_map_enabled: False
postfix_transport_maps:
- 'hash:/etc/postfix/transport'
postfix_transport_data: []
#
# Example:
# postfix_transport_data:
# - { domain: 'example.com', action: 'smtp:[dest.smtp.example.com]:25' }
postfix_rbl_enabled: True
postfix_rbl_list: 'zen.spamhaus.org'
postfix_mynetworks: hash:/etc/postfix/network_table postfix_mynetworks: hash:/etc/postfix/network_table
postfix_mynetworks_data: postfix_mynetworks_data:
@ -125,9 +141,23 @@ postfix_alias_databases: '{{ postfix_alias_maps }}'
postfix_virtual_addresses: False postfix_virtual_addresses: False
postfix_virtual_mailbox_domains: 'hash:/etc/postfix/virtual_domains' postfix_virtual_mailbox_domains: 'hash:/etc/postfix/virtual_domains'
postfix_virtual_mailbox_domains_data: []
#
# Example. The 'action' part is optional:
# postfix_virtual_mailbox_domains_data:
# - { domain: 'example.com', action: 'OK' }
postfix_virtual_mailbox_maps: postfix_virtual_mailbox_maps:
- 'hash:/etc/postfix/vmailbox_maps' - 'hash:/etc/postfix/vmailbox_maps'
postfix_virtual_domains: False
postfix_virtual_alias_domains: 'hash:/etc/postfix/virtual_domains'
postfix_virtual_alias_domains_data: []
#
# Example. The 'action' part is optional:
# postfix_virtual_alias_domains_data:
# - { domain: 'example.com', action: 'OK' }
postfix_virtual_alias_maps: postfix_virtual_alias_maps:
- 'hash:/etc/postfix/virtual' - 'hash:/etc/postfix/virtual'
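Review bot: The `postfix_inet_lmtp_enabled`, `postfix_inet_lmtp_host` and `postfix_inet_lmtp_port` defaults in the second hunk are renamed with no fallback, so an inventory that still sets the old names would silently stop getting a `virtual_transport` line in main.cf. Deriving the new defaults from the old names avoids that, e.g. `postfix_virtual_transport_enabled: '{{ postfix_inet_lmtp_enabled | default(False) | bool }}'`, and likewise for the host and port. `postfix_lmtp_protocol: 'inet'` is also the socket type rather than a protocol, so a comment such as `# socket type of the LMTP endpoint, rendered as lmtp:inet:host:port` would help the next reader.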


@ -1,5 +1,6 @@
--- ---
- import_tasks: smtp-common-packages.yml - import_tasks: smtp-common-packages.yml
- import_tasks: smtp-configuration.yml
- import_tasks: postfix_firewalld.yml - import_tasks: postfix_firewalld.yml
when: ansible_distribution_file_variety == "RedHat" when: ansible_distribution_file_variety == "RedHat"
- import_tasks: smtp-sasl-auth.yml - import_tasks: smtp-sasl-auth.yml


@ -26,38 +26,9 @@
when: postfix_tls_encryption_level != "old" when: postfix_tls_encryption_level != "old"
notify: Reload postfix notify: Reload postfix
- name: Write the postfix main configuration file
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
register: postfix_main_restart_needed
- name: The postfix master.cf file adapts to the service role
template: src=master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
register: postfix_master_restart_needed
- name: Write the postfix network_table map
template: src=network_table.j2 dest=/etc/postfix/network_table owner=root group=root mode=0444
register: postfix_network_table_status
when: postfix_install_packages | bool when: postfix_install_packages | bool
tags: [ 'postfix', 'postfix_conf' ] tags: [ 'postfix', 'postfix_conf' ]
- block:
- name: Ensure that postfix is started and enabled
service: name=postfix state=started enabled=yes
- name: Update the network hash table
shell: postmap hash:/etc/postfix/network_table
when: postfix_network_table_status is changed
- name: Restart postfix
service: name=postfix state=restarted
when: ( postfix_main_restart_needed is changed ) or ( postfix_master_restart_needed is changed )
when:
- postfix_install_packages | bool
- postfix_enabled | bool
tags: [ 'postfix', 'postfix_conf' ]
- block: - block:
- name: Ensure that postfix is stopped and disabled - name: Ensure that postfix is stopped and disabled
service: name=postfix state=stopped enabled=no service: name=postfix state=stopped enabled=no
@ -67,7 +38,6 @@
- not postfix_enabled | bool - not postfix_enabled | bool
tags: postfix tags: postfix
- block: - block:
- name: Install the postfix NRPE nagios check - name: Install the postfix NRPE nagios check
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555 copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555


@ -0,0 +1,54 @@
---
- name: Postfix main configuration
block:
- name: Write the postfix main configuration file
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
register: postfix_main_restart_needed
- name: The postfix master.cf file adapts to the service role
template: src=master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
register: postfix_master_restart_needed
when: postfix_enabled | bool
tags: [ 'postfix', 'postfix_conf' ]
- name: Postfix maps installation
block:
- name: Write the postfix network_table map
template: src=network_table.j2 dest=/etc/postfix/network_table owner=root group=root mode=0444
register: postfix_network_table_status
- name: Write the postfix virtual_domains map
template: src=virtual_domains.j2 dest=/etc/postfix/virtual_domains owner=root group=root mode=0444
register: postfix_virtual_domains_status
- name: Write the postfix transport map
template: src=transport.j2 dest=/etc/postfix/transport owner=root group=root mode=0444
register: postfix_transport_table_status
when: postfix_transport_map_enabled | bool
- name: Update the network hash table
shell: postmap hash:/etc/postfix/network_table
when: postfix_network_table_status is changed
- name: Update the virtual_domains
shell: postmap hash:/etc/postfix/virtual_domains
when: postfix_virtual_domains_status is changed
- name: Update the transport hash table
shell: postmap hash:/etc/postfix/transport
when: postfix_transport_table_status is changed
when: postfix_enabled | bool
tags: [ 'postfix', 'postfix_conf', 'postfix_maps' ]
- block:
- name: Ensure that postfix is started and enabled
service: name=postfix state=started enabled=yes
- name: Restart postfix
service: name=postfix state=restarted
when: ( postfix_main_restart_needed is changed ) or ( postfix_master_restart_needed is changed )
when: postfix_enabled | bool
tags: [ 'postfix', 'postfix_conf' ]
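Review bot: The three `postmap` tasks run only after all three templates have been written, and only when the template changed in this run, so a failure in between (for example in the transport template) leaves a rewritten `network_table` whose `.db` is not rebuilt on this run or the next. For `network_table` that means Postfix keeps the old `mynetworks` data, including networks that were meant to be removed. Placing each rebuild directly after its template narrows that window, and since no shell features are used the task can be `command: postmap hash:/etc/postfix/network_table` instead of `shell:`. The blocks also no longer check `postfix_install_packages | bool`, which the removed tasks appear to have been under; that looks unintended if `/etc/postfix` may not exist yet.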


@ -343,6 +343,9 @@ relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
# TRANSPORT MAP # TRANSPORT MAP
# #
# See the discussion in the ADDRESS_REWRITING_README document. # See the discussion in the ADDRESS_REWRITING_README document.
{% if postfix_transport_map_enabled %}
transport_maps = {% for tmap in postfix_transport_maps %}{{ tmap }}{% if not loop.last %}, {% endif %}{% endfor %}
{% endif %}
# ALIAS DATABASE # ALIAS DATABASE
# #
@ -478,14 +481,18 @@ recipient_delimiter = {{ postfix_recipient_delimiter }}
# #
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp #fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport = #fallback_transport =
{% if postfix_inet_lmtp_enabled %} {% if postfix_virtual_transport_enabled %}
virtual_transport = lmtp:inet:{{ postfix_inet_lmtp_host }}:{{ postfix_inet_lmtp_port }} virtual_transport = {{ postfix_virtual_transport_protocol }}:{{ postfix_lmtp_protocol }}:{{ postfix_lmtp_host }}:{{ postfix_lmtp_port }}
{% endif %}
{% if postfix_virtual_addresses %}
virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }} virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }}
virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %} virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %}
{% endif %}
{% if postfix_virtual_domains %}
virtual_alias_domains = = {{ postfix_virtual_alias_domains }}
{% endif %}
{% if postfix_virtual_addresses %}
virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %} virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %}
virtual_mailbox_limit = {{ postfix_message_size_limit }} virtual_mailbox_limit = {{ postfix_message_size_limit }}
@ -570,7 +577,24 @@ smtpd_client_restrictions =
{% if postfix_submission_server %} {% if postfix_submission_server %}
permit_sasl_authenticated permit_sasl_authenticated
{% endif %} {% endif %}
{% if postfix_mx_server %}
reject_unknown_sender_domain
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_invalid_hostname
# reject_non_fqdn_hostname
reject_unauth_destination
reject_unknown_recipient_domain
reject_unlisted_recipient
{% if postfix_rbl_enabled %}
reject_rbl_client {{ postfix_rbl_list }}
{% endif %}
{% endif %}
{% if postfix_mx_server %}
permit
{% else %}
reject reject
{% endif %}
{% if postfix_submission_server %} {% if postfix_submission_server %}
smtpd_sasl_path = smtpd smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
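Review bot: The new `virtual_alias_domains` line in the second hunk has a doubled `=`, so Postfix would read the value as `=` followed by the map, with a stray `=` as the first list entry; it should be `virtual_alias_domains = {{ postfix_virtual_alias_domains }}`. In the same hunk `virtual_transport` always renders `host:port` after `postfix_lmtp_protocol`, so that variable cannot usefully be anything but `inet`. In the third hunk the final action for `postfix_mx_server` changes from `reject` to `permit`. Whether that is safe depends on the relay and recipient restriction lists, which are outside the hunk, so a comment naming the list that enforces relay control would help.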


@ -0,0 +1,3 @@
{% for map in postfix_transport_data %}
{{ map.domain }} {{ map.action }}
{% endfor %}


@ -0,0 +1,11 @@
{% if postfix_virtual_domains | bool %}
{% for dom in postfix_virtual_alias_domains_data %}
{{ dom.domain }} OK
{% endfor %}
{% elif postfix_virtual_addresses | bool %}
{% for dom in postfix_virtual_mailbox_domains_data %}
{{ dom.domain }} OK
{% endfor %}
{% else %}
localdomain OK
{% endif %}
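Review bot: Because of the `elif`, this file holds only the alias domains when both `postfix_virtual_domains` and `postfix_virtual_addresses` are true, while `virtual_mailbox_domains` and `virtual_alias_domains` both default to `hash:/etc/postfix/virtual_domains`. Postfix would then see every listed domain in both address classes, which it warns about, and the mailbox domains from `postfix_virtual_mailbox_domains_data` would be missing. A separate map file and template for the alias domains would keep the two classes apart. The `action` key shown in the defaults examples is also ignored here; `{{ dom.domain }} {{ dom.action | default('OK') }}` would honour it.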