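---
# Postfix role tasks: build the per-domain lookup configuration fact `dc`,
# install the Postfix packages the selected lookup providers need, write the
# access lists, set main.cf, and enable/disable the submission and postscreen
# services.

- name: "Load default config for domains"
  # `dc` embeds the LDAP bind password (`bind_pw`), so keep the task result
  # (and the per-item loop labels) out of the log. Drop this temporarily when
  # debugging the combine expression.
  no_log: true
  # One entry per mail domain. `search_base` turns "example.org" into
  # "ou=...,dc=example,dc=org". The `%s@{{d}}` in group_lookup is left as a
  # literal for later rendering (presumably by lookup_tables.yml) — confirm.
  set_fact:
    dc: >-
      {{ dc | default({}) | combine({
        item: {
          'user_lookup': {
            'provider': 'file',
            'file': vmail_home + '/' + item + '_users',
            'domain': item,
            'server_host': postfix_ldap_server,
            'server_port': postfix_ldap_port,
            'version': postfix_ldap_version,
            'scope': postfix_ldap_scope,
            'bind': postfix_ldap_bind,
            'bind_dn': postfix_ldap_bind_dn,
            'bind_pw': postfix_ldap_bind_pw,
            'start_tls': postfix_ldap_start_tls,
            'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
            'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
            'search_base': 'ou=People,' + item.split('.') | map('regex_replace', '^', 'dc=') | join(','),
            'query_filter': '(&(objectClass=inetOrgPerson)(uid=%u))',
            'result_attribute': 'uid',
            'result_format': vmail_home + '/mail/' + item + '/%s/',
            'dbpath': vmail_home + '/' + item + '_users.sqlite',
            'query': postfix_sqlite_user_query
          },
          'users': [],
          'alias_lookup': {
            'provider': 'file',
            'file': vmail_home + '/' + item + '_aliases',
            'domain': item,
            'server_host': postfix_ldap_server,
            'server_port': postfix_ldap_port,
            'version': postfix_ldap_version,
            'scope': postfix_ldap_scope,
            'bind': postfix_ldap_bind,
            'bind_dn': postfix_ldap_bind_dn,
            'bind_pw': postfix_ldap_bind_pw,
            'start_tls': postfix_ldap_start_tls,
            'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
            'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
            'search_base': 'ou=Alias,' + item.split('.') | map('regex_replace', '^', 'dc=') | join(','),
            'query_filter': '(&(objectClass=nisMailAlias)(cn=%u))',
            'result_attribute': 'rfc822MailMember',
            'result_format': '%s',
            'dbpath': vmail_home + '/' + item + '_aliases.sqlite',
            'query': postfix_sqlite_alias_query
          },
          'aliases': [],
          'use_group_as_alias': postfix_ldap_use_group_alias,
          'group_lookup': {
            'provider': 'ldap',
            'domain': item,
            'server_host': postfix_ldap_server,
            'server_port': postfix_ldap_port,
            'version': postfix_ldap_version,
            'scope': postfix_ldap_scope,
            'bind': postfix_ldap_bind,
            'bind_dn': postfix_ldap_bind_dn,
            'bind_pw': postfix_ldap_bind_pw,
            'start_tls': postfix_ldap_start_tls,
            'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
            'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
            'search_base': 'ou=Group,' + item.split('.') | map('regex_replace', '^', 'dc=') | join(','),
            'query_filter': '(&(objectClass=posixGroup)(cn=%u))',
            'result_attribute': 'memberUid',
            'result_format': '%s@{{d}}'
          },
          'noreply_aliases': ['noreply'],
          'noreply_file': vmail_home + '/' + item + '_noreply'
        }
      }, recursive=True) }}
  with_items: "{{ postfix_mail_domains | belist }}"

- name: "Override config for domains"
  # Host/group overrides (`postfix_domain_config`) are merged on top of the
  # defaults above; the result still carries `bind_pw`, hence no_log.
  no_log: true
  set_fact:
    dc: "{{ dc | combine(postfix_domain_config, recursive=True) }}"

- name: "Install Postfix"
  apt:
    name: postfix
    update_cache: true

- name: "Install Postfix PCRE table support"
  apt:
    name: postfix-pcre
  notify: restart postfix

- name: "Install Postfix LDAP table support"
  apt:
    name: postfix-ldap
  # Only needed when some domain resolves users or aliases via LDAP.
  # see http://jmespath.org/
  when: '"ldap" in dc | json_query("*.[ alias_lookup, user_lookup ][].provider")'
  notify: restart postfix

- name: "Install Postfix SQLite table support"
  apt:
    name: postfix-sqlite
  # Only needed when some domain resolves users or aliases via SQLite.
  # see http://jmespath.org/
  when: '"sqlite" in dc | json_query("*.[ alias_lookup, user_lookup ][].provider")'
  notify: restart postfix

- name: "Template Dovecot delivery/auth service config for Postfix"
  template:
    src: 11-postfix.conf.j2
    dest: /etc/dovecot/conf.d/11-postfix.conf
  notify: restart dovecot

- name: "Configure lookup tables"
  include_tasks: lookup_tables.yml
  with_items: "{{ postfix_mail_domains | belist }}"
  loop_control:
    loop_var: "domain"

- name: "Configure no-reply local mail alias"
  # Local sink used by the per-domain noreply aliases.
  blockinfile:
    block: |
      _dev_null: /dev/null
    marker: "# {mark} ANSIBLE-MANAGED ALIASES"
    path: "/etc/aliases"
  notify: newaliases

- name: "Create rules directory for access lists"
  file:
    path: "{{ postfix_rules_dir }}"
    state: directory

- name: "Template client access list"
  # Entries carry `regex`, so this looks like a regexp/pcre table that Postfix
  # reads directly — which is presumably why it is not postmapped (confirm).
  blockinfile:
    path: "{{ postfix_rules_dir }}/client_access_list"
    create: true
    block: |
      # Edit host variable `postfix_client_access_list` to change these values
      {% for entry in postfix_client_access_list -%}
      {{ entry.regex }} {{ entry.action }}
      {% endfor %}

- name: "Template helo access list"
  blockinfile:
    path: "{{ postfix_rules_dir }}/helo_access_list"
    create: true
    block: |
      # Edit host variable `postfix_helo_access_list` to change these values
      {% for entry in postfix_helo_access_list -%}
      {{ entry.host }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: "Template recipient access list"
  blockinfile:
    path: "{{ postfix_rules_dir }}/recipient_access_list"
    create: true
    block: |
      # Edit host variable `postfix_recipient_access_list` to change these values
      {% for entry in postfix_recipient_access_list -%}
      {{ entry.rcpt }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: "Template sender access list"
  blockinfile:
    path: "{{ postfix_rules_dir }}/sender_access_list"
    create: true
    block: |
      # Edit host variable `postfix_sender_access_list` to change these values
      {% for entry in postfix_sender_access_list -%}
      {{ entry.sender }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: "Set main.cf parameters"
  postconf:
    parameter:
      # Local (unix) domains plus the host itself, minus the virtual domains.
      mydestination: >-
        {{ postfix_unix_domains | belist
           | union([ansible_fqdn, 'localhost.localdomain', 'localhost'])
           | difference(postfix_mail_domains | belist) }}
      myhostname: "{{ postfix_server_name }}"
      mydomain: "{{ postfix_server_domain }}"
      mynetworks: >-
        {{ ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']
           | union(postfix_local_networks) }}
      # One map per domain, chosen by that domain's alias_lookup provider,
      # plus the shared noreply alias map.
      virtual_alias_maps: >-
        {% for d in postfix_mail_domains|belist %}
        {% set p = dc[d]['alias_lookup']['provider'] %}
        {% if p == "ldap" %}
        ldap:{{ postfix_config_dir }}/{{d}}_ldap_alias.cf
        {% if dc[d]['use_group_as_alias'] %}, ldap:{{ postfix_config_dir }}/{{d}}_ldap_group.cf
        {% endif %}
        {% elif p == "sqlite" %}
        sqlite:{{ postfix_config_dir }}/{{d}}_sqlite_alias.cf
        {% elif p == "file" %}
        hash:{{ vmail_home }}/{{d}}_aliases
        {% endif %}{{ '' if loop.last else ',' }}{% endfor %},
        hash:{{ postfix_config_dir }}/noreply_aliases
      # One map per domain, chosen by that domain's user_lookup provider.
      # (A stray trailing "," after the loop was dropped; Postfix ignores
      # empty list elements, so the effective value is unchanged.)
      virtual_mailbox_maps: >-
        {% for d in postfix_mail_domains|belist %}
        {% set p = dc[d]['user_lookup']['provider'] %}
        {% if p == "ldap" %}
        ldap:{{ postfix_config_dir }}/{{d}}_ldap_user.cf
        {% elif p == "sqlite" %}
        sqlite:{{ postfix_config_dir }}/{{d}}_sqlite_user.cf
        {% elif p == "file" %}
        hash:{{ vmail_home }}/{{d}}_users
        {% endif %}{{ '' if loop.last else ',' }}{% endfor %}
      virtual_transport: "lmtp:unix:private/dovecot-lmtp"
      # NOTE(review): other tasks pass this through `belist`; confirm postconf
      # accepts the raw value in the form it is given here.
      virtual_mailbox_domains: "{{ postfix_mail_domains }}"
      smtpd_sasl_path: private/auth
      smtpd_sasl_type: dovecot
      smtpd_sasl_auth_enable: "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
      smtpd_tls_cert_file: "{{ postfix_tls_certificate }}"
      smtpd_tls_key_file: "{{ postfix_tls_private_key }}"
      # Postfix naming: smtpd_* is the server side (incoming mail), smtp_* is
      # the client side (outgoing mail). The two variables were previously
      # crossed over, so the incoming policy was applied to outgoing
      # connections and vice versa.
      smtp_tls_security_level: "{{ postfix_outgoing_tls_security }}"
      smtpd_tls_security_level: "{{ postfix_incoming_tls_security }}"
      # smtpd_tls_auth_only=yes means AUTH is offered over TLS only, i.e.
      # insecure auth is NOT allowed. The previous mapping was inverted:
      # disallowing insecure auth used to enable plaintext AUTH.
      smtpd_tls_auth_only: "{{ 'no' if postfix_allow_insecure_auth else 'yes' }}"
      smtpd_tls_session_cache_database: "{{ 'btree:${data_directory}/smtpd_scache' if postfix_tls_session_cache else '' }}"
      smtpd_client_restrictions: "{{ postfix_client_restrictions }}"
      smtpd_data_restrictions: "{{ postfix_data_restrictions }}"
      smtpd_helo_restrictions: "{{ postfix_helo_restrictions }}"
      smtpd_relay_restrictions: "{{ postfix_relay_restrictions }}"
      smtpd_recipient_restrictions: "{{ postfix_recipient_restrictions }}"
      message_size_limit: "{{ postfix_message_size_limit }}"
      smtpd_helo_required: "{{ 'yes' if postfix_helo_required else 'no' }}"
      biff: "{{ 'yes' if postfix_biff else 'no' }}"
  notify: reload postfix

- name: "Enable submission service"
  # Port 587: authenticated clients only, TLS mandatory.
  postconf:
    service: submission
    type: inet
    private: 'n'
    command: smtpd
    parameter:
      milter_macro_daemon_name: ORIGINATING
      smtpd_client_restrictions:
        - permit_sasl_authenticated
        - reject
      smtpd_sasl_auth_enable: 'yes'
      smtpd_tls_security_level: encrypt
      syslog_name: postfix/submission
  notify: reload postfix
  # `| bool` also accepts "yes"/"true" strings from inventory, which a bare
  # `== True` comparison would silently skip.
  when: postfix_submission_enable | bool

- name: "Disable submission service"
  postconf:
    service: submission
    type: inet
    state: absent
  notify: reload postfix
  when: not postfix_submission_enable | bool

- name: "Enable postscreen"
  include_tasks: postscreen.yml
  when: postfix_postscreen_enable | bool

- name: "Disable postscreen"
  include_tasks: postscreen_disable.yml
  when: not postfix_postscreen_enable | bool

# TODO: messages
# TODO: milter_header_checks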