Ansible Role: Postfix

An Ansible role that installs Postfix and configures it.

Requirements

  • Ansible 2+

Role Variables

This role in no way captures the entirety of possible Postfix options. If you need something specific, feel free to contribute!

The content field is optional for all dictionary variables that may refer to configuration tables, e.g. postfix_transport.

Basic Variables

Variables with defaults:

postfix_inet_interfaces:
  - localhost

postfix_inet_protocols: all

postfix_destinations:
  - $myhostname
  - localhost.$mydomain
  - localhost

These variables are empty by default, but Postfix has its own defaults for them. Check postconf -d | grep ^my for their defaults.

postfix_hostname: host.example.org
postfix_domain: example.org
postfix_origin: example.org

Note: Consult man 5 postconf for more information.

Masquerading

Masquerading can strip off subdomain structure, e.g. to rewrite [email protected] to [email protected]:

postfix_masquerade_domains:
  - example.org

Addresses that will be changed by masquerading:

postfix_masquerade_classes:
  - envelope_sender
  - envelope_recipient
  - header_sender
  - header_recipient

Users who are exceptions to masquerading:

postfix_masquerade_exceptions:
  - root

Note: The masquerading address mapping mechanism is able to rewrite both header and envelope addresses. For headers to be rewritten, see the section about Automatic Header Rewriting.

Aliases

The variable postfix_aliases configures /etc/aliases, e.g.:

postfix_aliases:
  - user: icinga
    alias: root
  - user: root
    alias: [email protected]

Relay and Transport

Delivery targets, i.e. relays:

postfix_relayhost: relay1.domain.org
postfix_smtp_fallback_relay: relay2.domain.org

Additionally, there is more fine-grained control with the transport table:

postfix_transport:
  - type: hash
    dest: /etc/postfix/transport
    content: |
      foo.org         smtp:[imap1.example.org]
      .foo.org        smtp:[imap1.example.org]
      bar.org         smtp:[imap2.example.org]
      .bar.org        smtp:[imap2.example.org]

Note: Consult man 5 transport for more information.

Canonical Address Mapping

Rewrite recipient and sender:

postfix_canonical:
  - type: hash
    dest: /etc/postfix/canonical
    content: |
      [email protected] [email protected]
  - type: ldap
    dest: /etc/postfix/ldap-canonical.cf
    content: |
      server_host = ldap.example.org
      search_base = dc=example, dc=org
      query_filter = uid=%s
      result_attribute = mail

Rewrite recipient:

postfix_recipient_canonical:
  - type: hash
    dest: /etc/postfix/recipient_canonical
    content: |
      [email protected]   [email protected]
      [email protected] [email protected]

Rewrite sender:

postfix_sender_canonical:
  - type: hash
    dest: /etc/postfix/sender_canonical
    content: |
      [email protected]   [email protected]
      [email protected] [email protected]

Note: The canonical address mapping mechanism is able to rewrite both header and envelope addresses. For headers to be rewritten, see the section about Automatic Header Rewriting.

Note: Consult man 5 canonical for more information.

SMTP Generic Table

Defines address mappings when mail is delivered via SMTP. This is useful to transform local mail addresses into valid mail addresses. The following example rewrites the sender icinga@internal to [email protected] and everything else @internal to [email protected]:

postfix_smtp_generic:
  type: hash
  dest: /etc/postfix/smtp_generic
  content: |
    icinga@internal [email protected]
    @internal       [email protected]

Note: Affects both message header addresses, i.e. the From: field, and envelope addresses which are used by SMTP.

Note: Consult man 5 generic for more information.

Header Checks

This lets you rewrite or reject message headers:

postfix_header_checks:
  - type: regexp
    dest: /etc/postfix/header_checks
    content: |
      /^From: root@[^ ]+\.example\.org .*/ REPLACE From: [email protected]

Note: Consult man 5 header_checks for more information.

SMTP

postfix_smtp:
  tls_CApath: '/etc/pki/tls/certs'
  tls_security_level: 'may'
  tls_cert_file: '/etc/pki/cert.pem'
  tls_key_file: '/etc/pki/key.pem'
  tls_note_starttls_offer: 'yes'

postfix_smtpd:
  tls_CApath: '/etc/pki/tls/certs'
  tls_security_level: 'may'
  tls_cert_file: '/etc/pki/cert.pem'
  tls_key_file: '/etc/pki/key.pem'
  tls_auth_only: 'no'
  tls_loglevel: '1'
  tls_received_header: 'yes'
  tls_session_cache_timeout: '3600s'

postfix_tls_random_source: 'dev:/dev/urandom'

Note: At the moment, PEM files need to be copied manually.
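
The values shown above leave TLS opportunistic (tls_security_level: 'may') and allow authentication without TLS (tls_auth_only: 'no'). The following check is an added example, not part of the role; it scans postconf -n style output for those two settings. It assumes the role writes each postfix_smtp / postfix_smtpd key as the Postfix parameter smtp_<key> / smtpd_<key>; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not part of the role: flag main.cf settings that still allow
# cleartext SMTP. Assumption: the role writes each postfix_smtp / postfix_smtpd
# key as the Postfix parameter smtp_<key> / smtpd_<key>.

# Reads "name = value" lines (the format `postconf -n` prints) on stdin,
# prints one finding per line, returns 1 if anything was flagged, else 0.
# Live use on a host: postconf -n | audit_tls
audit_tls() {
    awk '
        { seen[$1] = 1 }
        $1 == "smtp_tls_security_level" && ($3 == "" || $3 == "none" || $3 == "may") {
            print $1 ": TLS is not required for outbound delivery"; bad = 1
        }
        $1 == "smtpd_tls_auth_only" && $3 != "yes" {
            print $1 ": SASL AUTH is accepted on unencrypted connections"; bad = 1
        }
        END {
            # A parameter missing from the input is reported too.
            n = split("smtp_tls_security_level smtpd_tls_auth_only", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) {
                    print want[i] ": not set explicitly, built-in default applies"
                    bad = 1
                }
            exit bad + 0
        }
    '
}

# Constructed input: the README values above as they would appear in main.cf.
README_VALUES='smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1'

# Constructed input: mandatory TLS for outbound mail (only appropriate when
# every next hop, e.g. postfix_relayhost, offers STARTTLS) and AUTH only
# after STARTTLS.
HARDENED='smtp_tls_security_level = encrypt
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes'

printf '%s\n' "$README_VALUES" | audit_tls || true
```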

Automatic Header Rewriting

Starting with Postfix 2.2 automatic message header rewriting has been disabled by default. Instead, only envelope addresses get rewritten. This applies to the address rewriting facilities. Check man 5 postconf to see if it applies to your configuration entries.

To get the behavior before Postfix 2.2, add this variable:

postfix_local_header_rewrite_clients:
  - type: static
    dest: all

Dependencies

None.

Example Playbook

Add to requirements.yml:

---

- src: idiv-biodiversity.postfix

...

Download:

$ ansible-galaxy install -r requirements.yml

Top-Level Playbook

Write a top-level playbook:

---

- name: head server
  hosts: head

  roles:
    - role: idiv-biodiversity.postfix
      tags:
        - mail
        - mta
        - postfix

...

Role Dependency

Define the role dependency in meta/main.yml:

---

dependencies:

  - role: idiv-biodiversity.postfix
    tags:
      - mail
      - mta
      - postfix

...

License

MIT

Author Information

This role was created in 2017 by Christian Krause aka wookietreiber at GitHub, HPC cluster systems administrator at the German Centre for Integrative Biodiversity Research (iDiv), based on a draft by Ben Langenberg aka bencarsten at GitHub.
