rodič
revize
dd7d5fbedc
12 změnil soubory, kde provedl 144 přidání a 54 odebrání
  1. +10
    -1
      defaults/main.yml
  2. +12
    -0
      handlers/main.yml
  3. +29
    -18
      tasks/main.yml
  4. +10
    -0
      tasks/opendkim.yaml
  5. +10
    -0
      tasks/opendmarc.yaml
  6. +14
    -21
      templates/main.cf.j2
  7. +26
    -14
      templates/master.cf.j2
  8. +7
    -0
      templates/virtual_alias_domains.j2
  9. +8
    -0
      templates/virtual_alias_maps.j2
  10. +7
    -0
      templates/virtual_mailbox_domains.j2
  11. +8
    -0
      templates/virtual_mailbox_maps.j2
  12. +3
    -0
      vars/methods/postfixadmin.yaml

+ 10
- 1
defaults/main.yml

@@ -1,6 +1,9 @@
mailname: "{{inventory_hostname}}"

postfix_method: none
postfix_method: false

postfix_smtp_service: true
postfix_submission_service: false

postfix_postfixadmin_mysql_database: postfixadmin
postfix_postfixadmin_mysql_username: postfix
@@ -10,3 +13,9 @@ postfix_check_spamhaus: false

postfix_with_opendkim: false
postfix_with_opendmarc: false

postfix_virtual_transport: virtual # lmtp:unix:private/dovecot-lmtp

postfix_submission_service_smtpd_sasl_path: private/auth

postfix_smtps_service: false
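Review bot: `postfix_submission_service_smtpd_sasl_path` at the end of the second hunk introduces a second variable for the same value as `postfix_smtpd_sasl_path` in vars/methods/postfixadmin.yaml (both `private/auth`); master.cf.j2 reads the former and nothing in the commit reads the latter. Keep one name, `postfix_smtpd_sasl_path: private/auth`, and use it in both the submission stanza and the method vars so an override applies consistently. `postfix_method: false` is now a boolean compared against the string `"postfixadmin"` in the templates, which works, but a comment listing the accepted method names, `# one of: false, postfixadmin`, would document the contract.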

+ 12
- 0
handlers/main.yml

@@ -1,5 +1,17 @@
---

- name: postmap virtual_alias_domains
command: postmap /etc/postfix/virtual_alias_domains

- name: postmap virtual_alias_maps
command: postmap /etc/postfix/virtual_alias_maps

- name: postmap virtual_mailbox_domains
command: postmap /etc/postfix/virtual_mailbox_domains

- name: postmap virtual_mailbox_maps
command: postmap /etc/postfix/virtual_mailbox_maps

- name: restart postfix
service:
name: postfix
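Review bot: The position of the four new `postmap` handlers above `restart postfix` is load-bearing and undocumented: Ansible runs handlers in the order they are defined in this file, so the `.db` files exist before Postfix is restarted and reopens the `hash:` tables that main.cf.j2 now references. Add a comment above the first handler, `# Keep the postmap handlers above restart/reload postfix: handlers run in definition order, and the .db files must exist before Postfix reopens the tables.` The `restart postfix` handler continues past the end of the hunk.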


+ 29
- 18
tasks/main.yml

@@ -5,6 +5,12 @@
pkg:
- postfix

- name: mailname
copy:
content: "{{mailname}}"
dest: /etc/mailname
notify: reload postfix

- name: master configuration
template:
src: master.cf.j2
@@ -17,11 +23,29 @@
dest: /etc/postfix/main.cf
notify: reload postfix

- name: mailname
copy:
content: "{{mailname}}"
dest: /etc/mailname
notify: reload postfix
- name: postfix virtual_alias_domains
template:
src: virtual_alias_domains.j2
dest: /etc/postfix/virtual_alias_domains
notify: postmap virtual_alias_domains

- name: postfix virtual_alias_maps
template:
src: virtual_alias_maps.j2
dest: /etc/postfix/virtual_alias_maps
notify: postmap virtual_alias_maps

- name: postfix virtual_mailbox_domains
template:
src: virtual_mailbox_domains.j2
dest: /etc/postfix/virtual_mailbox_domains
notify: postmap virtual_mailbox_domains

- name: postfix virtual_mailbox_maps
template:
src: virtual_mailbox_maps.j2
dest: /etc/postfix/virtual_mailbox_maps
notify: postmap virtual_mailbox_maps

- import_tasks: spf.yaml
when: postfix_check_spf
@@ -38,16 +62,3 @@
- name: check postfix configuration
command: postfix check
changed_when: false

- name: configuration pull directory
local_action: file
args:
path: ~/host_files/{{inventory_hostname}}/etc
state: directory

- name: pull configuration
synchronize:
src: /etc/postfix
dest: ~/host_files/{{inventory_hostname}}/etc/
mode: pull
recursive: true
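Review bot: The four `postfix virtual_*` template tasks in the second hunk differ only in the table name; a single task with `loop` keeps the source, destination and handler name in one place and makes adding another table a one-line change. The handler name can be templated from the loop item, which matches the `postmap <table>` handler names in handlers/main.yml. Adding `owner`/`group`/`mode` in that one task would also pin the table files' permissions once rather than four times.
```yaml
- name: postfix virtual tables
  template:
    src: "{{ item }}.j2"
    dest: "/etc/postfix/{{ item }}"
  loop:
    - virtual_alias_domains
    - virtual_alias_maps
    - virtual_mailbox_domains
    - virtual_mailbox_maps
  notify: "postmap {{ item }}"
# … unchanged: import_tasks spf.yaml and the following tasks …
```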

+ 10
- 0
tasks/opendkim.yaml

@@ -2,6 +2,16 @@

- import_role:
name: opendkim
vars:
opendkim_socket: local:/var/spool/postfix/run/opendkim/opendkim.sock

- name: opendkim run directory in postfix spool
file:
path: /var/spool/postfix/run/opendkim
state: directory
owner: opendkim
group: opendkim
mode: 0755

- name: ensure postfix user is in opendkim group
user:
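Review bot: The run directory for the socket is created after `import_role: opendkim` has already been given `opendkim_socket: local:/var/spool/postfix/run/opendkim/opendkim.sock`; if that role configures and starts the service, the first run starts it with a socket path whose directory does not yet exist. Move the `opendkim run directory in postfix spool` task, and the group-membership task that is cut off at the end of the hunk, above the `import_role`. `mode: 0755` should be written `mode: "0755"`: unquoted it is parsed as a YAML 1.1 octal integer, which Ansible tolerates today but ansible-lint flags, and an edit to `755` would silently become a different mode. The same two points apply to tasks/opendmarc.yaml.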


+ 10
- 0
tasks/opendmarc.yaml

@@ -2,6 +2,16 @@

- import_role:
name: opendmarc
vars:
opendmarc_socket: local:/var/spool/postfix/run/opendmarc/opendmarc.sock

- name: opendmarc run directory in postfix spool
file:
path: /var/spool/postfix/run/opendmarc
state: directory
owner: opendmarc
group: opendmarc
mode: 0755

- name: ensure postfix user is in opendmarc group
user:


+ 14
- 21
templates/main.cf.j2

@@ -54,6 +54,9 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Allow connections from trusted networks only.
#smtpd_client_restrictions = permit_mynetworks, reject

# Require that a remote SMTP client introduces itself
#smtpd_helo_required = yes

# Don't talk to mail systems that don't know their own hostname.
#smtpd_helo_restrictions = reject_unknown_helo_hostname

@@ -79,9 +82,6 @@ smtpd_recipient_restrictions =
# may specify any destination domain.
smtpd_relay_restrictions =
permit_mynetworks,
{% if postfix_method == "postfixadmin" %}
permit_sasl_authenticated,
{% endif %}
reject_unauth_destination

# Block clients that speak too early.
@@ -97,15 +97,6 @@ smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
#}


### SASL

{% if postfix_method == "postfixadmin" %}
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
{% endif %}


### DKIM and DMARC

non_smtpd_milters =
@@ -127,26 +118,28 @@ smtpd_milters =

### Virtual Domain Hosting

virtual_transport =
virtual_alias_domains =
hash:/etc/postfix/virtual_alias_domains,

virtual_alias_maps =
hash:/etc/postfix/virtual_alias_maps,
{% if postfix_method == "postfixadmin" %}
# use dovecot lmtp for mail transport
lmtp:unix:private/dovecot-lmtp
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_maps.cf,
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_catchall_maps.cf
{% endif %}

virtual_mailbox_domains =
hash:/etc/postfix/virtual_mailbox_domains,
{% if postfix_method == "postfixadmin" %}
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_domains_maps.cf
{% endif %}

virtual_mailbox_maps =
hash:/etc/postfix/virtual_mailbox_maps,
{% if postfix_method == "postfixadmin" %}
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_mailbox_maps.cf,
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_mailbox_maps.cf
{% endif %}

virtual_alias_maps =
{% if postfix_method == "postfixadmin" %}
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_maps.cf,
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_maps.cf,
proxy:mysql:/etc/postfix/postfixadmin-sql/mysql_virtual_alias_domain_catchall_maps.cf
{% endif %}
virtual_transport = {{postfix_virtual_transport}}
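Review bot: Replacing the postfixadmin branch's `lmtp:unix:private/dovecot-lmtp` with `virtual_transport = {{postfix_virtual_transport}}` changes delivery for that method to Postfix's own `virtual` agent, because the default in defaults/main.yml is `virtual` and vars/methods/postfixadmin.yaml in this commit does not override it. If the method vars file is loaded for the selected method, add `postfix_virtual_transport: lmtp:unix:private/dovecot-lmtp` there so existing postfixadmin deployments keep delivering through Dovecot. The trailing commas after the `hash:` entries are harmless to Postfix's list parsing, but a one-line comment, `# optional method-specific maps follow`, would explain why they are there when the `{% if %}` body is empty.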

+ 26
- 14
templates/master.cf.j2

@@ -11,25 +11,36 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
{% if postfix_smtp_service %}
smtp inet n - y - - smtpd
{% endif %}
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
#submission inet n - y - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - y - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
{% if postfix_submission_service %}
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path={{postfix_submission_service_smtpd_sasl_path}}
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_login_maps=hash:/etc/postfix/virtual
-o smtpd_sender_restrictions=reject_sender_login_mismatch
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
-o smtpd_reject_unlisted_recipient=no
-o smtpd_helo_required=no
-o smtpd_helo_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
{% endif %}
{% if postfix_smtps_service %}
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
@@ -38,6 +49,7 @@ smtp inet n - y - - smtpd
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
{% endif %}
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
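Review bot: The new submission stanza sets `-o smtpd_sender_login_maps=hash:/etc/postfix/virtual` together with `reject_sender_login_mismatch`, but none of the templates in this commit produce `/etc/postfix/virtual`; unless it is generated elsewhere, authenticated submissions would likely be deferred with a table lookup error, and for the postfixadmin method the natural source is a `proxy:mysql:` sender login map alongside the other postfixadmin-sql maps. `-o smtpd_sasl_type=dovecot` is hard-coded while `postfix_smtpd_sasl_type` is defined in vars/methods/postfixadmin.yaml; rendering it as `-o smtpd_sasl_type={{postfix_smtpd_sasl_type}}` keeps the two in step. The `smtps` stanza under `postfix_smtps_service` keeps only the wrapper-mode options and leaves the SASL and restriction overrides commented out, so enabling it yields an implicit-TLS listener on 465 that accepts no authentication; either mirror the submission overrides there or document that the flag is not a client submission port.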


+ 7
- 0
templates/virtual_alias_domains.j2

@@ -0,0 +1,7 @@
{{ansible_managed|comment}}

{% if postfix_virtual_alias_domains is defined %}
{% for domain in postfix_virtual_alias_domains %}
{{domain}} OK
{% endfor %}
{% endif %}
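Review bot: The `is defined` guard around the loop exists only because defaults/main.yml declares no default for `postfix_virtual_alias_domains`; declaring `postfix_virtual_alias_domains: []` (and `{}` for the map variables) in defaults lets the template be just the loop and makes the variable visible in the role's documented interface. In virtual_alias_maps.j2 and virtual_mailbox_maps.j2, `{% for from, to in postfix_virtual_alias_maps.items() %}` replaces the loop plus `{% set %}` pair. The same applies to virtual_mailbox_domains.j2.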

+ 8
- 0
templates/virtual_alias_maps.j2

@@ -0,0 +1,8 @@
{{ansible_managed|comment}}

{% if postfix_virtual_alias_maps is defined %}
{% for from in postfix_virtual_alias_maps %}
{% set to = postfix_virtual_alias_maps[from] %}
{{from}} {{to}}
{% endfor %}
{% endif %}

+ 7
- 0
templates/virtual_mailbox_domains.j2

@@ -0,0 +1,7 @@
{{ansible_managed|comment}}

{% if postfix_virtual_mailbox_domains is defined %}
{% for domain in postfix_virtual_mailbox_domains %}
{{domain}} OK
{% endfor %}
{% endif %}

+ 8
- 0
templates/virtual_mailbox_maps.j2

@@ -0,0 +1,8 @@
{{ansible_managed|comment}}

{% if postfix_virtual_mailbox_maps is defined %}
{% for from in postfix_virtual_mailbox_maps %}
{% set to = postfix_virtual_mailbox_maps[from] %}
{{from}} {{to}}
{% endfor %}
{% endif %}

+ 3
- 0
vars/methods/postfixadmin.yaml

@@ -0,0 +1,3 @@
postfix_smtpd_sasl_type: dovecot
postfix_smtpd_sasl_path: private/auth
postfix_smtpd_sasl_auth_enable: true
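Review bot: None of the three variables in this new file is read by a template in the commit: main.cf.j2 drops its SASL block, and master.cf.j2's submission stanza hard-codes `dovecot` and reads `postfix_submission_service_smtpd_sasl_path` rather than `postfix_smtpd_sasl_path`. Either wire them into the submission stanza or drop the file, so the method vars do not advertise knobs that have no effect. The file should also start with `---` like handlers/main.yml.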
