publish submission port

enable submission
fix variable type
2019-10-02 20:54:07 -03:00 · 2019-10-02 19:34:02 -03:00 · 2019-09-30 17:13:35 -03:00 · 2019-09-30 17:12:06 -03:00 · 2019-09-30 17:11:01 -03:00 · 2019-09-30 17:09:04 -03:00
8 changed files with 241 additions and 280 deletions
--- a/action_plugins/postconf.py
+++ b/action_plugins/postconf.py
@ -43,28 +43,31 @@ class ActionModule(ActionBase):
                return '{}'.format(self._task.args.get(key, ''))
            if key in ('private', 'unprivileged', 'chroot', 'wakeup', 'process_limit'):
                return '{}'.format(self._task.args.get(key, ''))
            if key == 'container_name':
                return '{}'.format(self._task.args.get(key, 'postfix'))
        # no default value for key: return as-is
        return self._task.args.get(key)
    def runcmd(self, reg_name, cmd, param=None):
        fullcmd = 'docker exec '+ self.getarg('container_name') + ' ' + cmd
        try:
            if param:
                self.reg[param][reg_name] = self._execute_module(
                    module_name='command',
-                    module_args=dict(_raw_params=cmd)
+                    module_args=dict(_raw_params=fullcmd)
                )
                return
            self.reg[reg_name] = self._execute_module(
                module_name='command',
-                module_args=dict(_raw_params=cmd)
+                module_args=dict(_raw_params=fullcmd)
            )
        except Exception as e:
            raise PfWorkflowError(
                "{}: {}; failed command line: {}".format(
                    type(e).__name__,
                    to_text(e),
-                    cmd
+                    fullcmd
                )
            )
@ -206,7 +209,7 @@ class ActionModule(ActionBase):
                pass
            else:
                # remove whole service definition
-                cmdline = 'postconf -M# {}/{}'.format(service,stype)
+                cmdline = 'postconf -M# {}/{}'.format(self.service,self.stype)
                self.runcmd('cmd_remove_service',cmdline)
        # non-absent states: set all fields -----------------------------------
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,6 +1,29 @@
 ---
-# directorio con reglas
+# nombre imagen
-postfix_rules_dir: /etc/postfix/rules
+postfix_image: eumau/postfix
 # nombre container
 postfix_container: postfix
 # volumen con la configuracion de /etc/postfix
 postfix_volume: postfix
 # volumen con la configuracion ssl
 postfix_volume_ssl: postfix_ssl
 # nombre de la red docker, seteado por rol docker
 docker_network_name: dockernet
 # nombre del container dovecot, seteado por rol dovecot
 dovecot_container: dovecot
 # puertos públicos
 postfix_publish_ports:
  - "25:25"
  - "587:587"
 # directorio con reglas, relativo al volumen
 postfix_rules_dir: rules
 # accepted email domains
 postfix_mail_domains: "{{ mail_domains | default(['example.com']) }}"
@ -33,8 +56,8 @@ postfix_mail_home: "{{ vmail_home | default('/srv/mail') }}"
 # LDAP ------------------------------------------------------------------------
 # Default LDAP connection parameters
-postfix_ldap_server: "{{ ldap_server | default('localhost') }}"
+postfix_ldap_server: "{{ ldap_server | default(ldap_container|default('ldap')) }}"
-postfix_ldap_port: "{{ ldap_port | default(389) }}"
+postfix_ldap_port: "{{ ldap_port | default(ldap_port|default('389')) }}"
 postfix_ldap_version: "{{ ldap_version | default(3) }}"
 postfix_ldap_scope: "{{ ldap_search_scope | default('sub') }}"
 postfix_ldap_bind: "{{ ldap_bind | default(False) }}"
@ -57,10 +80,6 @@ postfix_submission_enable: yes
 # TLS -------------------------------------------------------------------------
 # TLS certificate/private key to use
 postfix_tls_certificate: "{{ tls_certificate | default('') }}"
 postfix_tls_private_key: "{{ tls_certificate_key | default('') }}"
 # level of encryption to use for sending mail to the Internet
 # only change this if you know what the implications are, see
 # http://www.postfix.org/postconf.5.html#smtp_tls_security_level
@ -123,7 +142,7 @@ postfix_client_access_list: []
 # Restricciones aplicadas a los clientes SMTP
 postfix_client_restrictions:
-  - check_client_access pcre:{{ postfix_rules_dir }}/client_access_list
+  - check_client_access pcre:/etc/postfix/{{ postfix_rules_dir }}/client_access_list
  - permit_sasl_authenticated
  - permit_mynetworks
  - reject_unknown_client_hostname
@ -145,7 +164,7 @@ postfix_helo_access_list: []
 # Requerir HELO/EHLO y aplicarle restricciones
 postfix_helo_restrictions:
-  - check_helo_access hash:{{ postfix_rules_dir }}/helo_access_list
+  - check_helo_access hash:/etc/postfix/{{ postfix_rules_dir }}/helo_access_list
  - permit_mynetworks
  - reject_non_fqdn_helo_hostname
  - reject_invalid_helo_hostname
@ -166,7 +185,7 @@ postfix_recipient_access_list: []
 # Restricciones al destinatario especificado en RCPT TO
 postfix_recipient_restrictions:
-  - check_recipient_access hash:{{ postfix_rules_dir }}/recipient_access_list
+  - check_recipient_access hash:/etc/postfix/{{ postfix_rules_dir }}/recipient_access_list
  - permit_mynetworks
  - permit_sasl_authenticated
  - reject_unknown_recipient_domain
@ -181,7 +200,7 @@ postfix_sender_access_list: []
 # Restricciones aplicadas al remitente especificado en MAIL FROM
 postfix_sender_restrictions:
-  - check_sender_access hash:{{ postfix_rules_dir }}/sender_access_list
+  - check_sender_access hash:/etc/postfix/{{ postfix_rules_dir }}/sender_access_list
  - permit_sasl_authenticated
  - permit_mynetworks
  - reject_unknown_sender_domain
@ -239,7 +258,7 @@ postfix_postscreen_bare_newline_action: ignore
 postfix_postscreen_dnsbl_action: enforce
 # mapeo que determina cuáles dnsbls informar al cliente como razón del rechazo a la conexion
-postfix_postscreen_dnsbl_reply_map: "pcre:$config_directory/reglas/postscreen_dnsbl_reply_map.pcre"
+postfix_postscreen_dnsbl_reply_map: "pcre:$config_directory/{{ postfix_rules_dir }}/postscreen_dnsbl_reply_map.pcre"
 # umbral a superar para considerar al host remoto como spammer
 postfix_postscreen_dnsbl_threshold: 3
--- a/files/11-postfix.conf
+++ b/files/11-postfix.conf
@ -1,17 +0,0 @@
 # LMTP delivery service for Postfix
 service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    group = postfix
    user = postfix
  }
 }
 # Authentication service for Postfix
 service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
 }
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,32 +1,45 @@
 ---
 - name: restart postfix
-  service: name=postfix state=restarted
+  docker_container:
    name: "{{ postfix_container}}"
    state: started
    restart: yes
 - name: reload postfix
-  service: name=postfix state=restarted
+  command: docker exec {{ postfix_container }} postfix reload
 - name: newaliases
-  command: newaliases
+  command: docker exec {{ postfix_container }} newaliases
 - name: postmap hash aliases
-  command: "postmap hash:{{ dc[item]['alias_lookup']['file'] }}"
+  command: >-
    docker exec {{ postfix_container }} postmap
    hash:{{ postfix_mail_domains[item].alias_lookup.file | default(
    '/etc/postfix/'+item+'_aliases') }}
  when:
-    - "dc[item]['alias_lookup']['provider'] == 'file'"
+    - postfix_mail_domains[item].alias_lookup.provider|default(postfix_lookup_provider) == 'file'
-  with_items: "{{ postfix_mail_domains|belist }}"
+  loop: "{{ postfix_mail_domains.keys()|list }}"
 - name: postmap hash users
-  command: "postmap hash:{{ dc[item]['user_lookup']['file'] }}"
+  command: >-
    docker exec {{ postfix_container }} postmap
    hash:{{ postfix_mail_domains[item]..user_lookup.file | default(
    '/etc/postfix/'+item+'_users') }}
  when:
-    - "dc[item]['user_lookup']['provider'] == 'file'"
+    - postfix_mail_domains[item].user_lookup.provider|default(postfix_lookup_provider) == 'file'
-  with_items: "{{ postfix_mail_domains|belist }}"
+  loop: "{{ postfix_mail_domains.keys()|list }}"
 - name: postmap no reply aliases
-  command: "postmap hash:{{ dc[item]['noreply_file'] }}"
+  command: >-
-  with_items: "{{ postfix_mail_domains|belist }}"
+    docker exec {{ postfix_container }} postmap
    hash:{{ postfix_mail_domains[item].noreply_file | default(
    '/etc/postfix/'+item+'_noreply') }}
  loop: "{{ postfix_mail_domains.keys()|list }}"
 - name: postmap access lists
-  command: postmap {{item}}
+  command: docker exec {{ postfix_container }} postmap {{ item }}
-  with_items:
+  loop:
-    - "{{ postfix_rules_dir }}/helo_access_list"
+    - "/etc/postfix/{{ postfix_rules_dir }}/client_access_list"
-    - "{{ postfix_rules_dir }}/recipient_access_list"
+    - "/etc/postfix/{{ postfix_rules_dir }}/helo_access_list"
-    - "{{ postfix_rules_dir }}/sender_access_list"
+    - "/etc/postfix/{{ postfix_rules_dir }}/recipient_access_list"
    - "/etc/postfix/{{ postfix_rules_dir }}/sender_access_list"
--- a/tasks/lookup_tables.yml
+++ b/tasks/lookup_tables.yml
@ -2,9 +2,13 @@
 - name: Template LDAP lookup tables
  template:
    src: ldap_table.cf.j2
-    dest: /etc/postfix/{{ domain }}_ldap_{{ item }}.cf"
+    dest: "{{ postfix_mountpoint }}/{{ domain }}_ldap_{{ item }}.cf"
-  when:
+  when: >-
-    - postfix_mail_domains[domain][item+'_lookup'].provider|default(postfix_lookup_provider) == 'ldap'
+    postfix_mail_domains[domain][item+'_lookup'].provider
    | default(postfix_lookup_provider) == 'ldap' or
    ( item == 'group' and postfix_ldap_use_group_alias and
    postfix_mail_domains[domain]['alias_lookup'].provider
    | default(postfix_lookup_provider) == 'ldap' )
  loop:
    - user
    - alias
@ -14,7 +18,7 @@
 - name: Template SQLite lookup tables
  template:
    src: sqlite_table.cf.j2
-    dest: /etc/postfix/{{ domain }}_sqlite_{{ item }}.cf
+    dest: "{{ postfix_mountpoint }}/{{ domain }}_sqlite_{{ item }}.cf"
  when:
    - postfix_mail_domains[domain][item+'_lookup'].provider|default(postfix_lookup_provider) == 'sqlite'
  loop:
@ -29,7 +33,9 @@
      {% if item is string %}{{ item }} /nomailbox/{{ item }}
      {% else %}{{ item.user }} {{ item.mailbox }}
      {% endif %}{% endfor %}
-    dest: "{{ postfix_mail_domains[domain].user_lookup.file|default('/etc/postfix/'+domain+'_users') }}"
+    dest: "{{ postfix_mail_domains[domain].user_lookup.file |
              default('/etc/postfix/'+domain+'_users') |
              regex_replace('^/etc/postfix',postfix_mountpoint) }}"
    marker: "# {mark} ANSIBLE-MANAGED USERS"
    create: yes
  when:
@ -42,7 +48,9 @@
      {% for key in postfix_mail_domains[domain]['aliases']|default([]) -%}
      {{ key.alias }} {{ key.dest }}
      {% endfor %}
-    dest: "{{ postfix_mail_domains[domain].user_lookup.file|default('/etc/postfix/'+domain+'_aliases') }}"
+    dest: "{{ postfix_mail_domains[domain].alias_lookup.file |
              default('/etc/postfix/'+domain+'_aliases') |
              regex_replace('^/etc/postfix',postfix_mountpoint) }}"
    marker: "# {mark} ANSIBLE-MANAGED ALIASES"
    create: yes
  when:
@ -53,7 +61,9 @@
  copy:
    content: |
      {% for address in postfix_mail_domains[domain].noreply_aliases|default(['noreply']) %}
-      {{ address }}@domain  _dev_null
+      {{ address }}@{{ domain }}  _dev_null
      {% endfor %}
-    dest: "{{ postfix_mail_domains[domain].noreply_file|default('/etc/postfix/'+domain+'_noreply') }}"
+    dest: "{{ postfix_mail_domains[domain].noreply_file |
              default('/etc/postfix/'+domain+'_noreply') |
              regex_replace('^/etc/postfix',postfix_mountpoint) }}"
  notify: postmap no reply aliases
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,97 +1,151 @@
 ---
-# - name: "Load default config for domains"
+- name: Activar container postfix
-#   set_fact:
+  docker_container:
-#     dc: "{{ dc|default({})|combine( { item: {
+    name: "{{ postfix_container }}"
-#       'user_lookup': {
+    state: started
-#         'provider': 'file',
+    restart_policy: unless-stopped
-#         'file': vmail_home +'/'+item+'_users',
+    image: "{{ postfix_image }}"
-#         'domain': item,
+    volumes:
-#         'server_host': postfix_ldap_server,
+      - "{{ postfix_volume }}:/etc/postfix"
-#         'server_port': postfix_ldap_port,
+      - "{{ postfix_volume_ssl }}:/ssl"
-#         'version': postfix_ldap_version,
+    networks:
-#         'scope': postfix_ldap_scope,
+      - name: "{{ docker_network }}"
-#         'bind': postfix_ldap_bind,
+    ports: "{{ postfix_publish_ports }}"
-#         'bind_dn': postfix_ldap_bind_dn,
+    env:
-#         'bind_pw': postfix_ldap_bind_pw,
+      MYDESTINATION: >-
-#         'start_tls': postfix_ldap_start_tls,
+        {{ postfix_unix_domains |
-#         'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
+        union( [ ansible_fqdn, 'localhost.localdomain', 'localhost'] ) |
-#         'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
+        difference( postfix_mail_domains ) | join(', ') }}
-#         'search_base':
+      MYHOSTNAME:
-#           'ou=People,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
+        "{{ postfix_server_name }}"
-#         'query_filter': '(&(objectClass=inetOrgPerson)(uid=%u))',
+      MYDOMAIN:
-#         'result_attribute': 'uid',
+        "{{ postfix_server_domain }}"
-#         'result_format': vmail_home+'/mail/'+item+'/%s/',
+      MYNETWORKS: >-
-#         'dbpath': vmail_home+'/'+item+'_users.sqlite',
+        {{ ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128'] |
-#         'query': postfix_sqlite_user_query
+        union( postfix_local_networks )  | join(', ') }}
-#       },
+      VIRTUAL_ALIAS_MAPS: >-
-#       'users': [],
+        {% for d in postfix_mail_domains.keys()|list %}
-#       'alias_lookup': {
+        {% set p = postfix_mail_domains[d].alias_lookup.provider|default(postfix_lookup_provider) %}
-#         'provider': 'file',
+        {% if p == "ldap" %}
-#         'file': vmail_home +'/'+item+'_aliases',
+        ldap:/etc/postfix/{{ d }}_ldap_alias.cf
-#         'domain': item,
+        {% if postfix_mail_domains[d].alias_lookup.use_group_as_alias|default(postfix_ldap_use_group_alias) %},
-#         'server_host': postfix_ldap_server,
+        ldap:/etc/postfix/{{ d }}_ldap_group.cf
-#         'server_port': postfix_ldap_port,
+        {% endif %}
-#         'version': postfix_ldap_version,
+        {% elif p == "sqlite" %}
-#         'scope': postfix_ldap_scope,
+        sqlite:/etc/postfix/{{d}}_sqlite_alias.cf
-#         'bind': postfix_ldap_bind,
+        {% elif p == "file" %}
-#         'bind_dn': postfix_ldap_bind_dn,
+        hash:/etc/postfix/{{ d }}_aliases
-#         'bind_pw': postfix_ldap_bind_pw,
+        {% endif %}, hash:/etc/postfix/{{ d }}_noreply
-#         'start_tls': postfix_ldap_start_tls,
+        {{ '' if loop.last else ',' }}{% endfor %}
-#         'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
+      VIRTUAL_MAILBOX_MAPS: >-
-#         'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
+        {% for d in postfix_mail_domains.keys()|list %}
-#         'search_base':
+        {% set p = postfix_mail_domains[d].user_lookup.provider|default(postfix_lookup_provider) %}
-#           'ou=Alias,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
+        {% if p == "ldap" %}
-#         'query_filter': '(&(objectClass=nisMailAlias)(cn=%u))',
+        ldap:/etc/postfix/{{ d }}_ldap_user.cf
-#         'result_attribute': 'rfc822MailMember',
+        {% elif p == "sqlite" %}
-#         'result_format': '%s',
+        sqlite:/etc/postfix/{{ d }}_sqlite_user.cf
-#         'dbpath': vmail_home+'/'+item+'_aliases.sqlite',
+        {% elif p == "file" %}
-#         'query': postfix_sqlite_alias_query
+        hash:/etc/postfix/{{ d }}_users
-#       },
+        {% endif %}{{ '' if loop.last else ',' }}{% endfor %},
-#       'aliases': [],
+      VIRTUAL_TRANSPORT: "lmtp:{{ dovecot_container }}:24"
-#       'use_group_as_alias': postfix_ldap_use_group_alias,
+      VIRTUAL_MAILBOX_DOMAINS: "{{ postfix_mail_domains | join (', ') }}"
-#       'group_lookup': {
+      SMTPD_SASL_PATH: "inet:{{ dovecot_container }}:12345"
-#         'provider': 'ldap',
+      SMTPD_SASL_TYPE: dovecot
-#         'domain': item,
+      SMTPD_SASL_AUTH_ENABLE: "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
-#         'server_host': postfix_ldap_server,
+      SMTPD_TLS_CERT_FILE: /ssl/cert.pem
-#         'server_port': postfix_ldap_port,
+      SMTPD_TLS_KEY_FILE: /ssl/key.pem
-#         'version': postfix_ldap_version,
+      SMTP_TLS_SECURITY_LEVEL:
-#         'scope': postfix_ldap_scope,
+        "{{postfix_incoming_tls_security}}"
-#         'bind': postfix_ldap_bind,
+      SMTPD_TLS_SECURITY_LEVEL:
-#         'bind_dn': postfix_ldap_bind_dn,
+        "{{postfix_outgoing_tls_security}}"
-#         'bind_pw': postfix_ldap_bind_pw,
+      SMTPD_TLS_AUTH_ONLY:
-#         'start_tls': postfix_ldap_start_tls,
+        "{{ 'yes' if postfix_allow_insecure_auth else 'no'}}"
-#         'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
+      SMTPD_TLS_SESSION_CACHE_DATABASE:
-#         'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
+        "{{ 'btree:${data_directory}/smtpd_scache' if postfix_tls_session_cache else '' }}"
-#         'search_base':
+      SMTPD_CLIENT_RESTRICTIONS:
-#           'ou=Group,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
+        "{{ postfix_client_restrictions | join(', ') }}"
-#         'query_filter': '(&(objectClass=posixGroup)(cn=%u))',
+      SMTPD_DATA_RESTRICTIONS:
-#         'result_attribute': 'memberUid',
+        "{{ postfix_data_restrictions | join(', ') }}"
-#         'result_format': '%s@{{d}}',
+      SMTPD_HELO_RESTRICTIONS:
-#       },
+        "{{ postfix_helo_restrictions | join(', ') }}"
-#       'noreply_aliases': [ 'noreply' ],
+      SMTPD_RELAY_RESTRICTIONS:
-#       'noreply_file': vmail_home +'/'+item+'_noreply',
+        "{{ postfix_relay_restrictions | join(', ') }}"
-#       } }, recursive=True) }}"
+      SMTPD_RECIPIENT_RESTRICTIONS:
-#   with_items: "{{ postfix_mail_domains }}"
+        "{{ postfix_recipient_restrictions | join(', ') }}"
      MESSAGE_SIZE_LIMIT:
        "{{ postfix_message_size_limit | string }}"
      SMTPD_HELO_REQUIRED:
        "{{ 'yes' if postfix_helo_required else 'no' }}"
      BIFF:
        "{{ 'yes' if postfix_biff else 'no' }}"
      SUBMISSION_ENABLE:
        "{{ 'yes' if postfix_submission_enable else 'no' }}"
      POSTSCREEN_ENABLE:
        "{{ 'yes' if postfix_postscreen_enable else 'no' }}"
      POSTSCREEN_ACCESS_LIST:
        "cidr:/etc/postfix/{{ postfix_rules_dir }}/postscreen_access_list.cidr, permit_mynetworks"
      POSTSCREEN_DNSBL_SITES: "\
        {% for entry in postfix_postscreen_dnsbl_sites -%}\
        {% if entry is string -%}{{ entry }}{% elif entry is mapping -%}\
        {{ entry.site }}{{ '*' if entry.score is defined else '' }}\
        {{ entry.score | default('') }}{% endif %}\
        {{ '' if loop.last else ', ' }}{% endfor %}"
      POSTSCREEN_DNSBL_REPLY_MAP:
        "pcre:/etc/postfix/{{ postfix_rules_dir }}/postscreen_dnsbl_mask.pcre"
      POSTSCREEN_BLACKLIST_ACTION:
        "{{ postfix_postscreen_blacklist_action }}"
      POSTSCREEN_DNSBL_ACTION:
        "{{ postfix_postscreen_dnsbl_action }}"
      POSTSCREEN_DNSBL_THRESHOLD:
        "{{ postfix_postscreen_dnsbl_threshold | string}}"
      POSTSCREEN_DNSBL_WHITELIST_THRESHOLD:
        "{{ postfix_postscreen_dnsbl_whitelist_threshold | string }}"
      POSTSCREEN_GREET_ACTION:
        "{{ postfix_postscreen_greet_action }}"
-# - name: "Override config for domains"
+  register: container
 #   set_fact:
 #     dc: '{{ dc | combine(postfix_domain_config, recursive=True) }}'
- name: Instalar Postfix
+- name: Exportar informacion de container
-  apt:
+  set_fact:
-    name:
+    postfix_container: "{{ lookup('vars','postfix_container') }}"
      - postfix
      - postfix-pcre
      - postfix-ldap
      - postfix-sqlite
    state: present
  notify: restart postfix
- name: Servicio delivery+auth mediante Dovecot
+- when: postfix_volume[0] != '/'
-  copy:
+  block:
-    src: 11-postfix.conf
+    - name: Leer info de volumen {{ postfix_volume }}
-    dest: /etc/dovecot/conf.d/11-postfix.conf
+      docker_volume_info:
-  notify: restart dovecot
+        name: "{{ postfix_volume }}"
      register: res_cfg
    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume: "{{ lookup('vars','postfix_volume') }}"
        postfix_mountpoint: "{{ res_cfg.volume.Mountpoint }}"
 - when: postfix_volume[0] == '/'
  block:
    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume: "{{ lookup('vars','postfix_volume') }}"
        postfix_mountpoint: "{{ lookup('vars','postfix_volume') }}"
 - when: postfix_volume_ssl[0] != '/'
  block:
    - name: Leer info de volumen {{ postfix_volume_ssl }}
      docker_volume_info:
        name: "{{ postfix_volume_ssl }}"
      register: res_ssl
    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
        postfix_mountpoint_ssl: "{{ res_ssl.volume.Mountpoint }}"
 - when: postfix_volume_ssl[0] == '/'
  block:
    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
        postfix_mountpoint_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
 # FIXME: resolver access lists y tables en Docker
 - name: Configurar lookup tables
  include_tasks: lookup_tables.yml
@ -99,32 +153,20 @@
  loop_control:
    loop_var: domain
 - name: Alias local para usuario no-reply
  blockinfile:
    block: |
      _dev_null: /dev/null
    marker: "# {mark} ANSIBLE-MANAGED ALIASES"
    path: /etc/aliases
  notify: newaliases
 - name: Directorio de reglas para access lists
  file:
    name: "{{ postfix_rules_dir }}"
    state: directory
 - name: Template client access list
  blockinfile:
-    path: "{{ postfix_rules_dir }}/client_access_list"
+    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/client_access_list"
    create: yes
    block: |
      # Edit host variable `postfix_client_access_list` to change these values
      {% for entry in postfix_client_access_list -%}
      {{ entry.regex }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists
 - name: Template helo access list
  blockinfile:
-    path: "{{ postfix_rules_dir }}/helo_access_list"
+    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/helo_access_list"
    create: yes
    block: |
      # Edit host variable `postfix_helo_access_list` to change these values
@ -135,7 +177,7 @@
 - name: Template recipient access list
  blockinfile:
-    path: "{{ postfix_rules_dir }}/recipient_access_list"
+    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/recipient_access_list"
    create: yes
    block: |
      # Edit host variable `postfix_recipient_access_list` to change these values
@ -146,7 +188,7 @@
 - name: Template sender access list
  blockinfile:
-    path: "{{ postfix_rules_dir }}/sender_access_list"
+    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/sender_access_list"
    create: yes
    block: |
      # Edit host variable `postfix_sender_access_list` to change these values
@ -155,115 +197,6 @@
      {% endfor %}
  notify: postmap access lists
 - name: Configurar main.cf
  postconf:
    parameter:
      mydestination: >-
        {{ postfix_unix_domains |
        union( [ ansible_fqdn, 'localhost.localdomain', 'localhost'] ) |
        difference( postfix_mail_domains ) }}
      myhostname:
        "{{ postfix_server_name }}"
      mydomain:
        "{{ postfix_server_domain }}"
      mynetworks: >-
        {{ ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128'] |
        union( postfix_local_networks ) }}
      virtual_alias_maps: >-
        {% for d in postfix_mail_domains %}
        {% set p = postfix_domain_config[d].alias_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_alias.cf
        {% if postfix_domain_config[d].alias_lookup.use_group_as_alias|default(postfix_ldap_use_group_alias) %},
        ldap:/etc/postfix/{{ d }}_ldap_group.cf
        {% endif %}
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{d}}_sqlite_alias.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_aliases
        {% endif %}{{ '' if loop.last else ',' }}{% endfor %},
        hash:/etc/postfix/noreply_aliases
      virtual_mailbox_maps: >-
        {% for d in postfix_mail_domains %}
        {% set p = postfix_domain_config[d].user_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_user.cf
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{ d }}_sqlite_user.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_users
        {% endif %}{{ '' if loop.last else ',' }}{% endfor %},
      virtual_transport:
        lmtp:unix:private/dovecot-lmtp
      virtual_mailbox_domains:
        "{{ postfix_mail_domains }}"
      smtpd_sasl_path: private/auth
      smtpd_sasl_type: dovecot
      smtpd_sasl_auth_enable:
        "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
      smtpd_tls_cert_file:
        "{{ postfix_tls_certificate }}"
      smtpd_tls_key_file:
        "{{ postfix_tls_private_key }}"
      smtp_tls_security_level:
        "{{postfix_incoming_tls_security}}"
      smtpd_tls_security_level:
        "{{postfix_outgoing_tls_security}}"
      smtpd_tls_auth_only:
        "{{ 'yes' if postfix_allow_insecure_auth else 'no'}}"
      smtpd_tls_session_cache_database:
        "{{ 'btree:${data_directory}/smtpd_scache' if postfix_tls_session_cache else '' }}"
      smtpd_client_restrictions:
        "{{ postfix_client_restrictions }}"
      smtpd_data_restrictions:
        "{{ postfix_data_restrictions }}"
      smtpd_helo_restrictions:
        "{{ postfix_helo_restrictions }}"
      smtpd_relay_restrictions:
        "{{ postfix_relay_restrictions }}"
      smtpd_recipient_restrictions:
        "{{ postfix_recipient_restrictions }}"
      message_size_limit:
        "{{ postfix_message_size_limit }}"
      smtpd_helo_required:
        "{{ 'yes' if postfix_helo_required else 'no' }}"
      biff:
        "{{ 'yes' if postfix_biff else 'no' }}"
  notify: reload postfix
 - name: "Enable submission service"
  postconf:
    service: submission
    type: inet
    private: 'n'
    command: smtpd
    parameter:
      milter_macro_daemon_name: ORIGINATING
      smtpd_client_restrictions:
        - permit_sasl_authenticated
        - reject
      smtpd_sasl_auth_enable: 'yes'
      smtpd_tls_security_level: encrypt
      syslog_name: postfix/submission
  notify: reload postfix
  when: "postfix_submission_enable == True"
 - name: "Disable submission service"
  postconf:
    service: submission
    type: inet
    state: absent
  notify: reload postfix
  when: "postfix_submission_enable == False"
 - name: "Enable postscreen"
  include_tasks: postscreen.yml
  when: "postfix_postscreen_enable == True"
 - name: "Disable postscreen"
  include_tasks: postscreen_disable.yml
  when: "postfix_postscreen_enable == False"
 # TODO: mensajes
 # TODO: milter_header_checks
--- a/tasks/postscreen.yml
+++ b/tasks/postscreen.yml
@ -49,12 +49,12 @@
      {% for entry in postfix_postscreen_access_list -%}
      {{ entry.address }} {{ entry.action }}
      {% endfor %}
-    dest: "/etc/postfix/rules/postscreen_access_list.cidr"
+    dest: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/postscreen_access_list.cidr"
 - name: "postscreen: set postscreen_access_list parameter"
  postconf:
    parameter: postscreen_access_list
-    value: "cidr:/etc/postfix/rules/postscreen_access_list.cidr, permit_mynetworks"
+    value: "cidr:/etc/postfix/{{ postfix_rules_dir }}/postscreen_access_list.cidr, permit_mynetworks"
  notify: reload postfix
 - name: "postscreen: enable/disable after-220 SMTP greeting tests"
@ -95,13 +95,13 @@
      {% else %}
      /^{{ entry.site }}$/ dnsbl blacklist
      {% endif %}{% endif %}{% endif %}{% endfor %}
-    dest: /etc/postfix/rules/postscreen_dnsbl_mask.pcre
+    dest: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/postscreen_dnsbl_mask.pcre"
  notify: reload postfix
 - name: "postscreen: configure masking table parameter"
  postconf:
    parameter: postscreen_dnsbl_reply_map
-    value: "pcre:/etc/postfix/rules/postscreen_dnsbl_mask.pcre"
+    value: "pcre:/etc/postfix/{{ postfix_rules_dir }}/postscreen_dnsbl_mask.pcre"
  notify: reload postfix
 - name: "postscreen: set misc. parameters"
--- a/templates/ldap_table.cf.j2
+++ b/templates/ldap_table.cf.j2
@ -4,10 +4,10 @@ server_host = {{ postfix_ldap_server }}
 server_port = {{ postfix_ldap_port }}
 version = {{ postfix_ldap_version }}
 scope = {{ postfix_ldap_scope }}
-bind = {{ postfix_ldap_bind }}
+bind = {{ 'yes' if postfix_ldap_bind else 'no' }}
 bind_dn = {{ postfix_ldap_bind_dn }}
 bind_pw = {{ postfix_ldap_bind_pw }}
-start_tls = {{ postfix_ldap_start_tls }}
+start_tls = {{ 'yes' if postfix_ldap_start_tls else 'no' }}
 tls_ca_cert_file = {{ postfix_ldap_tls_ca_cert_file }}
 tls_ca_cert_dir = {{ postfix_ldap_tls_ca_cert_dir }}
 {% if item == 'user' %}
Author	SHA1	Message	Date
Mauro Torrez	f7b5ea515b	publish submission port	2019-10-02 20:54:07 -03:00
Mauro Torrez	321f2df6a5	enable submission	2019-10-02 19:34:02 -03:00
Mauro Torrez	2507d68862	fix variable type	2019-09-30 17:13:35 -03:00
Mauro Torrez	80b4ff6548	fix variable type	2019-09-30 17:12:06 -03:00
Mauro Torrez	9fa00e736e	fix variable type	2019-09-30 17:11:01 -03:00
Mauro Torrez	1c3646414f	fix variable type	2019-09-30 17:09:04 -03:00
Mauro Torrez	ad468cbf70	fix variable type	2019-09-30 17:06:47 -03:00
Mauro Torrez	45790af73b	restore lookup table logic	2019-09-30 13:09:10 -03:00
Mauro Torrez	5281cec4c9	use external container	2019-09-30 03:00:50 -03:00
Mauro Torrez	3ccf612b3f	disable submission by default (start using dovecot)	2019-09-10 20:56:59 -03:00
Mauro Torrez	4d635ed700	fix noreply lookup table	2019-09-09 01:15:23 -03:00
Mauro Torrez	b7d233332c	fix	2019-09-09 01:10:19 -03:00
Mauro Torrez	7a8c051008	disable chroot	2019-09-09 01:04:53 -03:00
Mauro Torrez	9ad4f929d6	(debugging) avoid postscreen, no chroot in submission	2019-09-09 00:24:11 -03:00
Mauro Torrez	54c569be8b	correct lmtp address	2019-09-09 00:14:04 -03:00
Mauro Torrez	b77303c3ac	dbg	2019-09-08 23:31:13 -03:00
Mauro Torrez	d08c34bfec	expose ports	2019-09-08 23:20:47 -03:00
Mauro Torrez	f5b6138e76	fix bug on service disable	2019-09-08 18:22:03 -03:00
Mauro Torrez	ff1fe3ba6f	fix	2019-09-08 17:50:10 -03:00
Mauro Torrez	33ce7b8ded	noreply aliases	2019-09-08 17:45:38 -03:00
Mauro Torrez	01978a16d5	ldap group as alias	2019-09-08 17:16:41 -03:00
Mauro Torrez	fb423269af	fix ldap table param	2019-09-08 17:07:12 -03:00
Mauro Torrez	81e5892886	fix ldap bind parameter	2019-09-08 17:03:44 -03:00
Mauro Torrez	f405c7ea47	fix rules paths	2019-09-08 16:59:48 -03:00
Mauro Torrez	60733ffb92	fix domain config	2019-09-08 16:56:36 -03:00
Mauro Torrez	cbdff603dc	bf	2019-09-08 15:42:50 -03:00
Mauro Torrez	76adfada4e	log a stdout	2019-09-08 15:34:46 -03:00
Mauro Torrez	e937775811	ssl cert	2019-09-08 15:33:56 -03:00
Mauro Torrez	dc81aaefec	puertos + config ldap	2019-09-08 15:19:59 -03:00
Mauro Torrez	5cfa3d75f5	integracion con servicio dovecot	2019-09-08 14:33:33 -03:00
Mauro Torrez	f71ce1d16b	valores por defecto en templates handlers	2019-09-08 14:23:01 -03:00
Mauro Torrez	0e934b1db8	arreglo bug	2019-09-07 20:17:41 -03:00
Mauro Torrez	fe8a1d20ad	postscreen rules path	2019-09-07 20:10:49 -03:00
Mauro Torrez	321240524f	run postconf inside container	2019-09-07 19:41:18 -03:00
Mauro Torrez	fbdb8d92af	arreglo bug	2019-09-07 19:32:19 -03:00
Mauro Torrez	cc7260fea3	WIP: conversion a docker	2019-09-07 19:27:12 -03:00