Manage the transport and virtual_domains maps.
parent
c036b0bf8b
commit
d53b569189
|
@ -62,6 +62,9 @@ postfix_milter_action: tempfail
|
||||||
# SMTP server that not accept authenticated clients.
|
# SMTP server that not accept authenticated clients.
|
||||||
#############################################################################
|
#############################################################################
|
||||||
postfix_smtpd_server: False
|
postfix_smtpd_server: False
|
||||||
|
# SMTP server that routes emails coming from outside
|
||||||
|
#############################################################################
|
||||||
|
postfix_mx_server: False
|
||||||
#############################################################################
|
#############################################################################
|
||||||
# SMTP submission server: accepts authenticated clients
|
# SMTP submission server: accepts authenticated clients
|
||||||
#############################################################################
|
#############################################################################
|
||||||
|
@ -106,12 +109,25 @@ postfix_sasl_ldap_referrals: no
|
||||||
#
|
#
|
||||||
|
|
||||||
postfix_use_domain_name: False
|
postfix_use_domain_name: False
|
||||||
postfix_inet_lmtp_enabled: False
|
postfix_virtual_transport_enabled: False
|
||||||
postfix_inet_lmtp_host: '127.0.0.1'
|
postfix_virtual_transport_protocol: 'lmtp'
|
||||||
postfix_inet_lmtp_port: 24
|
postfix_lmtp_protocol: 'inet'
|
||||||
|
postfix_lmtp_host: '127.0.0.1'
|
||||||
|
postfix_lmtp_port: 24
|
||||||
postfix_delivery_soft_bounce: False
|
postfix_delivery_soft_bounce: False
|
||||||
postfix_recipient_delimiter: '+'
|
postfix_recipient_delimiter: '+'
|
||||||
postfix_local_recipients: False
|
postfix_local_recipients: False
|
||||||
|
postfix_transport_map_enabled: False
|
||||||
|
postfix_transport_maps:
|
||||||
|
- 'hash:/etc/postfix/transport'
|
||||||
|
|
||||||
|
postfix_transport_data: []
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# postfix_transport_data:
|
||||||
|
# - { domain: 'example.com', action: 'smtp:[dest.smtp.example.com]:25' }
|
||||||
|
postfix_rbl_enabled: True
|
||||||
|
postfix_rbl_list: 'zen.spamhaus.org'
|
||||||
|
|
||||||
postfix_mynetworks: hash:/etc/postfix/network_table
|
postfix_mynetworks: hash:/etc/postfix/network_table
|
||||||
postfix_mynetworks_data:
|
postfix_mynetworks_data:
|
||||||
|
@ -125,9 +141,23 @@ postfix_alias_databases: '{{ postfix_alias_maps }}'
|
||||||
|
|
||||||
postfix_virtual_addresses: False
|
postfix_virtual_addresses: False
|
||||||
postfix_virtual_mailbox_domains: 'hash:/etc/postfix/virtual_domains'
|
postfix_virtual_mailbox_domains: 'hash:/etc/postfix/virtual_domains'
|
||||||
|
postfix_virtual_mailbox_domains_data: []
|
||||||
|
#
|
||||||
|
# Example. The 'action' part is optional:
|
||||||
|
# postfix_virtual_mailbox_domains_data:
|
||||||
|
# - { domain: 'example.com', action: 'OK' }
|
||||||
|
|
||||||
postfix_virtual_mailbox_maps:
|
postfix_virtual_mailbox_maps:
|
||||||
- 'hash:/etc/postfix/vmailbox_maps'
|
- 'hash:/etc/postfix/vmailbox_maps'
|
||||||
|
|
||||||
|
postfix_virtual_domains: False
|
||||||
|
postfix_virtual_alias_domains: 'hash:/etc/postfix/virtual_domains'
|
||||||
|
postfix_virtual_alias_domains_data: []
|
||||||
|
#
|
||||||
|
# Example. The 'action' part is optional:
|
||||||
|
# postfix_virtual_alias_domains_data:
|
||||||
|
# - { domain: 'example.com', action: 'OK' }
|
||||||
|
|
||||||
postfix_virtual_alias_maps:
|
postfix_virtual_alias_maps:
|
||||||
- 'hash:/etc/postfix/virtual'
|
- 'hash:/etc/postfix/virtual'
|
||||||
|
|
||||||
|
|
|
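Review bot: The rename of `postfix_inet_lmtp_enabled`, `postfix_inet_lmtp_host` and `postfix_inet_lmtp_port` to `postfix_virtual_transport_enabled`, `postfix_lmtp_host` and `postfix_lmtp_port` leaves no fallback. An inventory that still sets the old names would presumably lose its `virtual_transport` line without any error. Keeping the old names as fallbacks, e.g. `postfix_lmtp_host: "{{ postfix_inet_lmtp_host | default('127.0.0.1') }}"`, or adding a comment above the block that records the rename, would make the change visible to existing users.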
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
- import_tasks: smtp-common-packages.yml
|
- import_tasks: smtp-common-packages.yml
|
||||||
|
- import_tasks: smtp-configuration.yml
|
||||||
- import_tasks: postfix_firewalld.yml
|
- import_tasks: postfix_firewalld.yml
|
||||||
when: ansible_distribution_file_variety == "RedHat"
|
when: ansible_distribution_file_variety == "RedHat"
|
||||||
- import_tasks: smtp-sasl-auth.yml
|
- import_tasks: smtp-sasl-auth.yml
|
||||||
|
|
|
@ -26,38 +26,9 @@
|
||||||
when: postfix_tls_encryption_level != "old"
|
when: postfix_tls_encryption_level != "old"
|
||||||
notify: Reload postfix
|
notify: Reload postfix
|
||||||
|
|
||||||
- name: Write the postfix main configuration file
|
|
||||||
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
|
|
||||||
register: postfix_main_restart_needed
|
|
||||||
|
|
||||||
- name: The postfix master.cf file adapts to the service role
|
|
||||||
template: src=master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
|
|
||||||
register: postfix_master_restart_needed
|
|
||||||
|
|
||||||
- name: Write the postfix network_table map
|
|
||||||
template: src=network_table.j2 dest=/etc/postfix/network_table owner=root group=root mode=0444
|
|
||||||
register: postfix_network_table_status
|
|
||||||
|
|
||||||
when: postfix_install_packages | bool
|
when: postfix_install_packages | bool
|
||||||
tags: [ 'postfix', 'postfix_conf' ]
|
tags: [ 'postfix', 'postfix_conf' ]
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Ensure that postfix is started and enabled
|
|
||||||
service: name=postfix state=started enabled=yes
|
|
||||||
|
|
||||||
- name: Update the network hash table
|
|
||||||
shell: postmap hash:/etc/postfix/network_table
|
|
||||||
when: postfix_network_table_status is changed
|
|
||||||
|
|
||||||
- name: Restart postfix
|
|
||||||
service: name=postfix state=restarted
|
|
||||||
when: ( postfix_main_restart_needed is changed ) or ( postfix_master_restart_needed is changed )
|
|
||||||
|
|
||||||
when:
|
|
||||||
- postfix_install_packages | bool
|
|
||||||
- postfix_enabled | bool
|
|
||||||
tags: [ 'postfix', 'postfix_conf' ]
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Ensure that postfix is stopped and disabled
|
- name: Ensure that postfix is stopped and disabled
|
||||||
service: name=postfix state=stopped enabled=no
|
service: name=postfix state=stopped enabled=no
|
||||||
|
@ -67,7 +38,6 @@
|
||||||
- not postfix_enabled | bool
|
- not postfix_enabled | bool
|
||||||
tags: postfix
|
tags: postfix
|
||||||
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Install the postfix NRPE nagios check
|
- name: Install the postfix NRPE nagios check
|
||||||
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555
|
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555
|
||||||
|
|
|
@ -0,0 +1,54 @@
|
||||||
|
---
|
||||||
|
- name: Postfix main configuration
|
||||||
|
block:
|
||||||
|
- name: Write the postfix main configuration file
|
||||||
|
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
|
||||||
|
register: postfix_main_restart_needed
|
||||||
|
|
||||||
|
- name: The postfix master.cf file adapts to the service role
|
||||||
|
template: src=master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
|
||||||
|
register: postfix_master_restart_needed
|
||||||
|
|
||||||
|
when: postfix_enabled | bool
|
||||||
|
tags: [ 'postfix', 'postfix_conf' ]
|
||||||
|
|
||||||
|
- name: Postfix maps installation
|
||||||
|
block:
|
||||||
|
- name: Write the postfix network_table map
|
||||||
|
template: src=network_table.j2 dest=/etc/postfix/network_table owner=root group=root mode=0444
|
||||||
|
register: postfix_network_table_status
|
||||||
|
|
||||||
|
- name: Write the postfix virtual_domains map
|
||||||
|
template: src=virtual_domains.j2 dest=/etc/postfix/virtual_domains owner=root group=root mode=0444
|
||||||
|
register: postfix_virtual_domains_status
|
||||||
|
|
||||||
|
- name: Write the postfix transport map
|
||||||
|
template: src=transport.j2 dest=/etc/postfix/transport owner=root group=root mode=0444
|
||||||
|
register: postfix_transport_table_status
|
||||||
|
when: postfix_transport_map_enabled | bool
|
||||||
|
|
||||||
|
- name: Update the network hash table
|
||||||
|
shell: postmap hash:/etc/postfix/network_table
|
||||||
|
when: postfix_network_table_status is changed
|
||||||
|
|
||||||
|
- name: Update the virtual_domains
|
||||||
|
shell: postmap hash:/etc/postfix/virtual_domains
|
||||||
|
when: postfix_virtual_domains_status is changed
|
||||||
|
|
||||||
|
- name: Update the transport hash table
|
||||||
|
shell: postmap hash:/etc/postfix/transport
|
||||||
|
when: postfix_transport_table_status is changed
|
||||||
|
|
||||||
|
when: postfix_enabled | bool
|
||||||
|
tags: [ 'postfix', 'postfix_conf', 'postfix_maps' ]
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Ensure that postfix is started and enabled
|
||||||
|
service: name=postfix state=started enabled=yes
|
||||||
|
|
||||||
|
- name: Restart postfix
|
||||||
|
service: name=postfix state=restarted
|
||||||
|
when: ( postfix_main_restart_needed is changed ) or ( postfix_master_restart_needed is changed )
|
||||||
|
|
||||||
|
when: postfix_enabled | bool
|
||||||
|
tags: [ 'postfix', 'postfix_conf' ]
|
|
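Review bot: The three map-update tasks run `postmap` through `shell:` although none of them uses pipes, redirection or expansion. `command: postmap hash:/etc/postfix/transport` (and the same for network_table and virtual_domains) avoids shell parsing altogether. The virtual_domains map is also written and rebuilt unconditionally, while the transport map is gated on `postfix_transport_map_enabled`. If that is intended, a short comment above the "Write the postfix virtual_domains map" task saying the file is always required would help the next reader.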
@ -343,6 +343,9 @@ relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
|
||||||
# TRANSPORT MAP
|
# TRANSPORT MAP
|
||||||
#
|
#
|
||||||
# See the discussion in the ADDRESS_REWRITING_README document.
|
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||||
|
{% if postfix_transport_map_enabled %}
|
||||||
|
transport_maps = {% for tmap in postfix_transport_maps %}{{ tmap }}{% if not loop.last %}, {% endif %}{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# ALIAS DATABASE
|
# ALIAS DATABASE
|
||||||
#
|
#
|
||||||
|
@ -478,14 +481,18 @@ recipient_delimiter = {{ postfix_recipient_delimiter }}
|
||||||
#
|
#
|
||||||
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
|
||||||
#fallback_transport =
|
#fallback_transport =
|
||||||
{% if postfix_inet_lmtp_enabled %}
|
{% if postfix_virtual_transport_enabled %}
|
||||||
virtual_transport = lmtp:inet:{{ postfix_inet_lmtp_host }}:{{ postfix_inet_lmtp_port }}
|
virtual_transport = {{ postfix_virtual_transport_protocol }}:{{ postfix_lmtp_protocol }}:{{ postfix_lmtp_host }}:{{ postfix_lmtp_port }}
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if postfix_virtual_addresses %}
|
|
||||||
virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }}
|
virtual_mailbox_domains = {{ postfix_virtual_mailbox_domains }}
|
||||||
virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %}
|
virtual_mailbox_maps = {% for mbmap in postfix_virtual_mailbox_maps %}{{ mbmap }} {% endfor %}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if postfix_virtual_domains %}
|
||||||
|
virtual_alias_domains = = {{ postfix_virtual_alias_domains }}
|
||||||
|
{% endif %}
|
||||||
|
{% if postfix_virtual_addresses %}
|
||||||
virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %}
|
virtual_alias_maps = {% for mbmap in postfix_virtual_alias_maps %}{{ mbmap }} {% endfor %}
|
||||||
|
|
||||||
virtual_mailbox_limit = {{ postfix_message_size_limit }}
|
virtual_mailbox_limit = {{ postfix_message_size_limit }}
|
||||||
|
@ -570,7 +577,24 @@ smtpd_client_restrictions =
|
||||||
{% if postfix_submission_server %}
|
{% if postfix_submission_server %}
|
||||||
permit_sasl_authenticated
|
permit_sasl_authenticated
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if postfix_mx_server %}
|
||||||
|
reject_unknown_sender_domain
|
||||||
|
reject_non_fqdn_sender
|
||||||
|
reject_non_fqdn_recipient
|
||||||
|
reject_invalid_hostname
|
||||||
|
# reject_non_fqdn_hostname
|
||||||
|
reject_unauth_destination
|
||||||
|
reject_unknown_recipient_domain
|
||||||
|
reject_unlisted_recipient
|
||||||
|
{% if postfix_rbl_enabled %}
|
||||||
|
reject_rbl_client {{ postfix_rbl_list }}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% if postfix_mx_server %}
|
||||||
|
permit
|
||||||
|
{% else %}
|
||||||
reject
|
reject
|
||||||
|
{% endif %}
|
||||||
{% if postfix_submission_server %}
|
{% if postfix_submission_server %}
|
||||||
smtpd_sasl_path = smtpd
|
smtpd_sasl_path = smtpd
|
||||||
smtpd_sasl_auth_enable = yes
|
smtpd_sasl_auth_enable = yes
|
||||||
|
|
|
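Review bot: The added line `virtual_alias_domains = = {{ postfix_virtual_alias_domains }}` has a doubled `=`, so the rendered value would begin with a stray `=` ahead of the table reference. It should read `virtual_alias_domains = {{ postfix_virtual_alias_domains }}`. In the same hunk the `{% endif %}` after `virtual_transport` appears to have moved below `virtual_mailbox_maps`, which would tie `virtual_mailbox_domains` to `postfix_virtual_transport_enabled` rather than `postfix_virtual_addresses`; worth confirming that this is intended. In the restrictions hunk the `postfix_mx_server` branch now ends in `permit`, so `reject_unauth_destination` is the line that keeps relaying closed. A comment saying so would guard against a later reordering.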
@ -0,0 +1,3 @@
|
||||||
|
{% for map in postfix_transport_data %}
|
||||||
|
{{ map.domain }} {{ map.action }}
|
||||||
|
{% endfor %}
|
|
@ -0,0 +1,11 @@
|
||||||
|
{% if postfix_virtual_domains | bool %}
|
||||||
|
{% for dom in postfix_virtual_alias_domains_data %}
|
||||||
|
{{ dom.domain }} OK
|
||||||
|
{% endfor %}
|
||||||
|
{% elif postfix_virtual_addresses | bool %}
|
||||||
|
{% for dom in postfix_virtual_mailbox_domains_data %}
|
||||||
|
{{ dom.domain }} OK
|
||||||
|
{% endfor %}
|
||||||
|
{% else %}
|
||||||
|
localdomain OK
|
||||||
|
{% endif %}
|
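Review bot: Both loops write `{{ dom.domain }} OK` and ignore `dom.action`, while the example comments added to the defaults describe the 'action' part as optional. `{{ dom.domain }} {{ dom.action | default('OK') }}` would honour it. Because of the `if`/`elif`, only the alias-domain list is written when both `postfix_virtual_domains` and `postfix_virtual_addresses` are true. Yet `postfix_virtual_alias_domains` and `postfix_virtual_mailbox_domains` both default to this same file, so main.cf may then point both parameters at one table. Postfix expects a domain to be listed in only one of those classes, so separate default files for the two settings would be safer.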