From edc319cb99ef40efb32df446ada5eed4387c502d Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel
Date: Wed, 5 May 2021 12:20:18 +0200
Subject: [PATCH] relayhost settings
---
 defaults/main.yml | 2 ++
 tasks/main.yml | 1 +
 templates/main.cf.j2 | 18 ++++++++++++++++--
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 32f4e4d..b14e5d4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,7 @@
 mailname: "{{inventory_hostname}}"
+postfix_relayhost: ""
+postfix_relayhost_auth_enabled: false
 postfix_smtp_service: true
 postfix_submission_service: false
diff --git a/tasks/main.yml b/tasks/main.yml
index 18af2f6..ef6b7b7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -4,6 +4,7 @@
 apt:
 pkg:
 - postfix
+ #- libsasl2-modules-postfix
 - name: mailname
 copy:
diff --git a/templates/main.cf.j2 b/templates/main.cf.j2
index 4aa2ff4..708313e 100644
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -25,7 +25,7 @@ myhostname = {{mailname}}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydestination = $myhostname, {{inventory_hostname}}, localhost.localdomain, localhost
-relayhost =
+relayhost = {{postfix_relayhost}}
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
 recipient_delimiter = +
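Review bot: In the defaults/main.yml hunk, `postfix_relayhost_auth_user` and `postfix_relayhost_auth_pass` get no entry, although templates/main.cf.j2 reads both once `postfix_relayhost_auth_enabled` is true, so the defaults file does not show which variables the feature needs. I would add a comment above the new lines such as `# relay auth: set postfix_relayhost_auth_user / postfix_relayhost_auth_pass in vaulted vars when enabling` rather than an empty default for the password; with Ansible's default undefined-variable handling an unset secret then fails at render time instead of producing a config with a blank credential. A second comment could state the expected form of `postfix_relayhost`, since the template hunk writes the value to `relayhost =` unchanged.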
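Review bot: The commented-out `#- libsasl2-modules-postfix` entry in the tasks/main.yml hunk leaves it open whether the SASL client plugins get installed, while the template in this same commit can switch on `smtp_sasl_auth_enable = yes`. If the target hosts lack the SASL mechanism plugins, relay authentication will probably fail at delivery time rather than at deploy time. Either install the right package when `postfix_relayhost_auth_enabled` is true (the package name should be confirmed for the target distribution), or drop the line and leave a comment saying why it is not needed. The apt task starts above the hunk, so its other options are not visible here.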
@@ -33,15 +33,28 @@ inet_interfaces = all
 inet_protocols = all
+{% if postfix_relayhost_auth_enabled %}
+### outgoing relay auth
+# Enable auth
+smtp_sasl_auth_enable = yes
+# Set username and password
+smtp_sasl_password_maps = static:{{postfix_relayhost_auth_user}}:{{postfix_relayhost_auth_pass}}
+smtp_sasl_security_options = noanonymous
+# Turn on tls encryption
+smtp_tls_security_level = encrypt
+header_size_limit = 4096000
+{% endif %}
+
 ### TLS parameters
 smtpd_tls_cert_file={{postfix_certificate_fullchain_file}}
 smtpd_tls_key_file={{postfix_certificate_private_key_file}}
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+{% if not postfix_relayhost_auth_enabled %}
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_security_level = may
-
+{% endif %}
 ### rules and restricitons
@@ -171,6 +184,7 @@ virtual_transport = {{postfix_virtual_transport}}
 {% if postfix_with_sympa %}
+
 ### sympa
 sympa_destination_recipient_limit = 1
 sympabounce_destination_recipient_limit = 1
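Review bot: In the `@@ -33,15 +33,28 @@` hunk of templates/main.cf.j2, `smtp_sasl_password_maps = static:{{postfix_relayhost_auth_user}}:{{postfix_relayhost_auth_pass}}` writes the relay password in clear text into main.cf, which is commonly world-readable and is echoed by `postconf`; the task that installs the file is outside this diff, so its mode cannot be checked here. Keeping the credential in a separate root-owned 0600 lookup file, for example `smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd` (example path), confines it to root. `smtp_tls_security_level = encrypt` forces TLS but does not verify the relay's certificate, so the credential can still be handed to an impersonating server; `verify` or `secure` with a trusted CA file closes that gap. `header_size_limit = 4096000` is unrelated to authentication and would sit better outside the `{% if %}` with a comment giving the reason, and the later `{% if not postfix_relayhost_auth_enabled %}` also drops `smtp_tls_session_cache_database`, where only the `may` line needs guarding.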