---
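# Start the Postfix container. Its configuration is passed as environment
# variables rendered from the role's postfix_* variables. The keys mirror
# Postfix parameter names; how the image consumes them is not visible here
# (presumably one env var per same-named main.cf parameter - confirm).
- name: Activar container postfix
  docker_container:
    name: "{{ postfix_container }}"
    state: started
    restart_policy: unless-stopped
    image: "{{ postfix_image }}"
    volumes:
      - "{{ postfix_volume }}:/etc/postfix"
      # NOTE(review): /ssl holds the TLS private key (SMTPD_TLS_KEY_FILE below).
      # If the image only reads it, a read-only mount would fit - confirm.
      - "{{ postfix_volume_ssl }}:/ssl"
    networks:
      - name: "{{ docker_network }}"
    ports: "{{ postfix_publish_ports }}"
    env:
      # Local destinations: unix domains plus this host's names, minus every
      # domain that is served as a virtual mail domain.
      MYDESTINATION: >-
        {{ postfix_unix_domains |
        union( [ ansible_fqdn, 'localhost.localdomain', 'localhost'] ) |
        difference( postfix_mail_domains ) | join(', ') }}
      MYHOSTNAME:
        "{{ postfix_server_name }}"
      MYDOMAIN:
        "{{ postfix_server_domain }}"
      # Loopback ranges are always included. Every network added through
      # postfix_local_networks is matched by permit_mynetworks (used in
      # POSTSCREEN_ACCESS_LIST below), so keep that list narrow.
      MYNETWORKS: >-
        {{ ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128'] |
        union( postfix_local_networks ) | join(', ') }}
      # One alias table per mail domain, chosen by that domain's lookup
      # provider (falling back to postfix_lookup_provider), followed by the
      # domain's *_noreply hash table.
      VIRTUAL_ALIAS_MAPS: >-
        {% for d in postfix_mail_domains.keys()|list %}
        {% set p = postfix_mail_domains[d].alias_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_alias.cf
        {% if postfix_mail_domains[d].alias_lookup.use_group_as_alias|default(postfix_ldap_use_group_alias) %},
        ldap:/etc/postfix/{{ d }}_ldap_group.cf
        {% endif %}
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{d}}_sqlite_alias.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_aliases
        {% endif %}, hash:/etc/postfix/{{ d }}_noreply
        {{ '' if loop.last else ',' }}{% endfor %}
      # One mailbox table per mail domain, chosen the same way.
      # NOTE(review): the rendered list ends with a trailing comma; presumably
      # harmless if the value reaches Postfix unchanged - confirm.
      VIRTUAL_MAILBOX_MAPS: >-
        {% for d in postfix_mail_domains.keys()|list %}
        {% set p = postfix_mail_domains[d].user_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_user.cf
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{ d }}_sqlite_user.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_users
        {% endif %}{{ '' if loop.last else ',' }}{% endfor %},
      VIRTUAL_TRANSPORT: "lmtp:{{ dovecot_container }}:24"
      VIRTUAL_MAILBOX_DOMAINS: "{{ postfix_mail_domains | join (', ') }}"
      SMTPD_SASL_PATH: "inet:{{ dovecot_container }}:12345"
      SMTPD_SASL_TYPE: dovecot
      SMTPD_SASL_AUTH_ENABLE: "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
      SMTPD_TLS_CERT_FILE: /ssl/cert.pem
      SMTPD_TLS_KEY_FILE: /ssl/key.pem
      # Fixed: the two variables were swapped. In Postfix, smtp_* parameters
      # configure the SMTP client (outgoing mail) and smtpd_* parameters
      # configure the SMTP server (incoming mail).
      SMTP_TLS_SECURITY_LEVEL:
        "{{ postfix_outgoing_tls_security }}"
      SMTPD_TLS_SECURITY_LEVEL:
        "{{ postfix_incoming_tls_security }}"
      # Fixed: the condition was inverted. smtpd_tls_auth_only=yes restricts
      # SASL AUTH to TLS-protected sessions, so it must be "yes" unless
      # insecure (cleartext) authentication is explicitly allowed.
      SMTPD_TLS_AUTH_ONLY:
        "{{ 'no' if postfix_allow_insecure_auth else 'yes' }}"
      SMTPD_TLS_SESSION_CACHE_DATABASE:
        "{{ 'btree:${data_directory}/smtpd_scache' if postfix_tls_session_cache else '' }}"
      SMTPD_CLIENT_RESTRICTIONS:
        "{{ postfix_client_restrictions | join(', ') }}"
      SMTPD_DATA_RESTRICTIONS:
        "{{ postfix_data_restrictions | join(', ') }}"
      SMTPD_HELO_RESTRICTIONS:
        "{{ postfix_helo_restrictions | join(', ') }}"
      SMTPD_RELAY_RESTRICTIONS:
        "{{ postfix_relay_restrictions | join(', ') }}"
      SMTPD_RECIPIENT_RESTRICTIONS:
        "{{ postfix_recipient_restrictions | join(', ') }}"
      MESSAGE_SIZE_LIMIT:
        "{{ postfix_message_size_limit | string }}"
      SMTPD_HELO_REQUIRED:
        "{{ 'yes' if postfix_helo_required else 'no' }}"
      BIFF:
        "{{ 'yes' if postfix_biff else 'no' }}"
      SUBMISSION_ENABLE:
        "{{ 'yes' if postfix_submission_enable else 'no' }}"
      POSTSCREEN_ENABLE:
        "{{ 'yes' if postfix_postscreen_enable else 'no' }}"
      POSTSCREEN_ACCESS_LIST:
        "cidr:/etc/postfix/{{ postfix_rules_dir }}/postscreen_access_list.cidr, permit_mynetworks"
      # Each entry is either a plain site string or a mapping with `site` and
      # an optional `score`, rendered as "site*score".
      POSTSCREEN_DNSBL_SITES: "\
        {% for entry in postfix_postscreen_dnsbl_sites -%}\
        {% if entry is string -%}{{ entry }}{% elif entry is mapping -%}\
        {{ entry.site }}{{ '*' if entry.score is defined else '' }}\
        {{ entry.score | default('') }}{% endif %}\
        {{ '' if loop.last else ', ' }}{% endfor %}"
      POSTSCREEN_DNSBL_REPLY_MAP:
        "pcre:/etc/postfix/{{ postfix_rules_dir }}/postscreen_dnsbl_mask.pcre"
      POSTSCREEN_BLACKLIST_ACTION:
        "{{ postfix_postscreen_blacklist_action }}"
      POSTSCREEN_DNSBL_ACTION:
        "{{ postfix_postscreen_dnsbl_action }}"
      POSTSCREEN_DNSBL_THRESHOLD:
        "{{ postfix_postscreen_dnsbl_threshold | string}}"
      POSTSCREEN_DNSBL_WHITELIST_THRESHOLD:
        "{{ postfix_postscreen_dnsbl_whitelist_threshold | string }}"
      POSTSCREEN_GREET_ACTION:
        "{{ postfix_postscreen_greet_action }}"

  register: container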
# Re-publish the container name as a host fact, reading the current value of
# the `postfix_container` variable through the `vars` lookup.
- name: Exportar informacion de container
  set_fact:
    postfix_container: "{{ lookup('vars','postfix_container') }}"
# The config volume value does not start with "/" (presumably a named Docker
# volume rather than a host path): ask Docker for the volume's mountpoint and
# export it as postfix_mountpoint.
- when: "postfix_volume[0] != '/'"
  block:
    - name: Leer info de volumen {{ postfix_volume }}
      docker_volume_info:
        name: "{{ postfix_volume }}"
      register: res_cfg

    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume: "{{ lookup('vars','postfix_volume') }}"
        # Path reported by docker_volume_info for the volume.
        postfix_mountpoint: "{{ res_cfg.volume.Mountpoint }}"
# The config volume value starts with "/" (presumably a host path used as a
# bind mount): the mountpoint is the value itself.
- when: "postfix_volume[0] == '/'"
  block:
    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume: "{{ lookup('vars','postfix_volume') }}"
        postfix_mountpoint: "{{ lookup('vars','postfix_volume') }}"
# The SSL volume value does not start with "/" (presumably a named Docker
# volume): ask Docker for its mountpoint and export it as
# postfix_mountpoint_ssl. The container mounts this volume at /ssl, where it
# expects cert.pem and key.pem.
- when: "postfix_volume_ssl[0] != '/'"
  block:
    - name: Leer info de volumen {{ postfix_volume_ssl }}
      docker_volume_info:
        name: "{{ postfix_volume_ssl }}"
      register: res_ssl

    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
        # Path reported by docker_volume_info for the volume.
        postfix_mountpoint_ssl: "{{ res_ssl.volume.Mountpoint }}"
# The SSL volume value starts with "/" (presumably a host path used as a bind
# mount): the mountpoint is the value itself.
- when: "postfix_volume_ssl[0] == '/'"
  block:
    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
        postfix_mountpoint_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
# FIXME: resolver access lists y tables en Docker
# Run lookup_tables.yml once per configured mail domain; the included tasks
# receive the domain name in the loop variable `domain`.
- name: Configurar lookup tables
  include_tasks:
    file: lookup_tables.yml
  loop_control:
    loop_var: domain
  loop: "{{ postfix_mail_domains.keys()|list }}"
# Maintain the managed block of client access rules under the exported
# Postfix mountpoint. Each entry's `regex` and `action` are written verbatim,
# so postfix_client_access_list must come from trusted inventory.
# NOTE(review): no `mode` is given, so a newly created file gets the module's
# default permissions - consider setting one explicitly.
- name: Template client access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/client_access_list"
    create: true
    block: |
      # Edit host variable `postfix_client_access_list` to change these values
      {% for entry in postfix_client_access_list -%}
      {{ entry.regex }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists
# Maintain the managed block of HELO access rules under the exported Postfix
# mountpoint. Each entry's `host` and `action` are written verbatim, so
# postfix_helo_access_list must come from trusted inventory.
# NOTE(review): no `mode` is given, so a newly created file gets the module's
# default permissions - consider setting one explicitly.
- name: Template helo access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/helo_access_list"
    create: true
    block: |
      # Edit host variable `postfix_helo_access_list` to change these values
      {% for entry in postfix_helo_access_list -%}
      {{ entry.host }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists
# Maintain the managed block of recipient access rules under the exported
# Postfix mountpoint. Each entry's `rcpt` and `action` are written verbatim,
# so postfix_recipient_access_list must come from trusted inventory.
# NOTE(review): no `mode` is given, so a newly created file gets the module's
# default permissions - consider setting one explicitly.
- name: Template recipient access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/recipient_access_list"
    create: true
    block: |
      # Edit host variable `postfix_recipient_access_list` to change these values
      {% for entry in postfix_recipient_access_list -%}
      {{ entry.rcpt }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists
# Maintain the managed block of sender access rules under the exported
# Postfix mountpoint. Each entry's `sender` and `action` are written verbatim,
# so postfix_sender_access_list must come from trusted inventory.
# NOTE(review): no `mode` is given, so a newly created file gets the module's
# default permissions - consider setting one explicitly.
- name: Template sender access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/sender_access_list"
    create: true
    block: |
      # Edit host variable `postfix_sender_access_list` to change these values
      {% for entry in postfix_sender_access_list -%}
      {{ entry.sender }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists
# TODO: mensajes
# TODO: milter_header_checks