--- # - name: "Load default config for domains" # set_fact: # dc: "{{ dc|default({})|combine( { item: { # 'user_lookup': { # 'provider': 'file', # 'file': vmail_home +'/'+item+'_users', # 'domain': item, # 'server_host': postfix_ldap_server, # 'server_port': postfix_ldap_port, # 'version': postfix_ldap_version, # 'scope': postfix_ldap_scope, # 'bind': postfix_ldap_bind, # 'bind_dn': postfix_ldap_bind_dn, # 'bind_pw': postfix_ldap_bind_pw, # 'start_tls': postfix_ldap_start_tls, # 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file, # 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir, # 'search_base': # 'ou=People,'+item.split('.')|map('regex_replace','^','dc=')|join(','), # 'query_filter': '(&(objectClass=inetOrgPerson)(uid=%u))', # 'result_attribute': 'uid', # 'result_format': vmail_home+'/mail/'+item+'/%s/', # 'dbpath': vmail_home+'/'+item+'_users.sqlite', # 'query': postfix_sqlite_user_query # }, # 'users': [], # 'alias_lookup': { # 'provider': 'file', # 'file': vmail_home +'/'+item+'_aliases', # 'domain': item, # 'server_host': postfix_ldap_server, # 'server_port': postfix_ldap_port, # 'version': postfix_ldap_version, # 'scope': postfix_ldap_scope, # 'bind': postfix_ldap_bind, # 'bind_dn': postfix_ldap_bind_dn, # 'bind_pw': postfix_ldap_bind_pw, # 'start_tls': postfix_ldap_start_tls, # 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file, # 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir, # 'search_base': # 'ou=Alias,'+item.split('.')|map('regex_replace','^','dc=')|join(','), # 'query_filter': '(&(objectClass=nisMailAlias)(cn=%u))', # 'result_attribute': 'rfc822MailMember', # 'result_format': '%s', # 'dbpath': vmail_home+'/'+item+'_aliases.sqlite', # 'query': postfix_sqlite_alias_query # }, # 'aliases': [], # 'use_group_as_alias': postfix_ldap_use_group_alias, # 'group_lookup': { # 'provider': 'ldap', # 'domain': item, # 'server_host': postfix_ldap_server, # 'server_port': postfix_ldap_port, # 'version': postfix_ldap_version, # 'scope': postfix_ldap_scope, # 'bind': postfix_ldap_bind, # 'bind_dn': postfix_ldap_bind_dn, # 'bind_pw': postfix_ldap_bind_pw, # 'start_tls': postfix_ldap_start_tls, # 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file, # 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir, # 'search_base': # 'ou=Group,'+item.split('.')|map('regex_replace','^','dc=')|join(','), # 'query_filter': '(&(objectClass=posixGroup)(cn=%u))', # 'result_attribute': 'memberUid', # 'result_format': '%s@{{d}}', # }, # 'noreply_aliases': [ 'noreply' ], # 'noreply_file': vmail_home +'/'+item+'_noreply', # } }, recursive=True) }}" # with_items: "{{ postfix_mail_domains }}" # - name: "Override config for domains" # set_fact: # dc: '{{ dc | combine(postfix_domain_config, recursive=True) }}' - name: Instalar Postfix apt: name: - postfix - postfix-pcre - postfix-ldap - postfix-sqlite state: present notify: restart postfix - name: Servicio delivery+auth mediante Dovecot copy: src: 11-postfix.conf dest: /etc/dovecot/conf.d/11-postfix.conf notify: restart dovecot - name: Configurar lookup tables include_tasks: lookup_tables.yml loop: "{{ postfix_mail_domains.keys()|list }}" loop_control: loop_var: domain - name: Alias local para usuario no-reply blockinfile: block: | _dev_null: /dev/null marker: "# {mark} ANSIBLE-MANAGED ALIASES" path: /etc/aliases notify: newaliases - name: Directorio de reglas para access lists file: name: "{{ postfix_rules_dir }}" state: directory - name: Template client access list blockinfile: path: "{{ postfix_rules_dir }}/client_access_list" create: yes block: | # Edit host variable `postfix_client_access_list` to change these values {% for entry in postfix_client_access_list -%} {{ entry.regex }} {{ entry.action }} {% endfor %} - name: Template helo access list blockinfile: path: "{{ postfix_rules_dir }}/helo_access_list" create: yes block: | # Edit host variable `postfix_helo_access_list` to change these values {% for entry in postfix_helo_access_list -%} {{ entry.host }} {{ entry.action }} {% endfor %} notify: postmap access lists - name: Template recipient access list blockinfile: path: "{{ postfix_rules_dir }}/recipient_access_list" create: yes block: | # Edit host variable `postfix_recipient_access_list` to change these values {% for entry in postfix_recipient_access_list -%} {{ entry.rcpt }} {{ entry.action }} {% endfor %} notify: postmap access lists - name: Template sender access list blockinfile: path: "{{ postfix_rules_dir }}/sender_access_list" create: yes block: | # Edit host variable `postfix_sender_access_list` to change these values {% for entry in postfix_sender_access_list -%} {{ entry.sender }} {{ entry.action }} {% endfor %} notify: postmap access lists - name: Configurar main.cf postconf: parameter: mydestination: >- {{ postfix_unix_domains | union( [ ansible_fqdn, 'localhost.localdomain', 'localhost'] ) | difference( postfix_mail_domains ) }} myhostname: "{{ postfix_server_name }}" mydomain: "{{ postfix_server_domain }}" mynetworks: >- {{ ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128'] | union( postfix_local_networks ) }} virtual_alias_maps: >- {% for d in postfix_mail_domains %} {% set p = postfix_domain_config[d].alias_lookup.provider|default(postfix_lookup_provider) %} {% if p == "ldap" %} ldap:/etc/postfix/{{ d }}_ldap_alias.cf {% if postfix_domain_config[d].alias_lookup.use_group_as_alias|default(postfix_ldap_use_group_alias) %}, ldap:/etc/postfix/{{ d }}_ldap_group.cf {% endif %} {% elif p == "sqlite" %} sqlite:/etc/postfix/{{d}}_sqlite_alias.cf {% elif p == "file" %} hash:/etc/postfix/{{ d }}_aliases {% endif %}, /etc/postfix/{{ d }}_noreply {{ '' if loop.last else ',' }}{% endfor %} virtual_mailbox_maps: >- {% for d in postfix_mail_domains %} {% set p = postfix_domain_config[d].user_lookup.provider|default(postfix_lookup_provider) %} {% if p == "ldap" %} ldap:/etc/postfix/{{ d }}_ldap_user.cf {% elif p == "sqlite" %} sqlite:/etc/postfix/{{ d }}_sqlite_user.cf {% elif p == "file" %} hash:/etc/postfix/{{ d }}_users {% endif %}{{ '' if loop.last else ',' }}{% endfor %} virtual_transport: lmtp:unix:private/dovecot-lmtp virtual_mailbox_domains: "{{ postfix_mail_domains }}" smtpd_sasl_path: private/auth smtpd_sasl_type: dovecot smtpd_sasl_auth_enable: "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}" smtpd_tls_cert_file: "{{ postfix_tls_certificate }}" smtpd_tls_key_file: "{{ postfix_tls_private_key }}" smtp_tls_security_level: "{{postfix_incoming_tls_security}}" smtpd_tls_security_level: "{{postfix_outgoing_tls_security}}" smtpd_tls_auth_only: "{{ 'yes' if postfix_allow_insecure_auth else 'no'}}" smtpd_tls_session_cache_database: "{{ 'btree:${data_directory}/smtpd_scache' if postfix_tls_session_cache else '' }}" smtpd_client_restrictions: "{{ postfix_client_restrictions }}" smtpd_data_restrictions: "{{ postfix_data_restrictions }}" smtpd_helo_restrictions: "{{ postfix_helo_restrictions }}" smtpd_relay_restrictions: "{{ postfix_relay_restrictions }}" smtpd_recipient_restrictions: "{{ postfix_recipient_restrictions }}" message_size_limit: "{{ postfix_message_size_limit }}" smtpd_helo_required: "{{ 'yes' if postfix_helo_required else 'no' }}" biff: "{{ 'yes' if postfix_biff else 'no' }}" notify: reload postfix - name: "Enable submission service" postconf: service: submission type: inet private: 'n' command: smtpd parameter: milter_macro_daemon_name: ORIGINATING smtpd_client_restrictions: - permit_sasl_authenticated - reject smtpd_sasl_auth_enable: 'yes' smtpd_tls_security_level: encrypt syslog_name: postfix/submission notify: reload postfix when: "postfix_submission_enable == True" - name: "Disable submission service" postconf: service: submission type: inet state: absent notify: reload postfix when: "postfix_submission_enable == False" - name: "Enable postscreen" include_tasks: postscreen.yml when: "postfix_postscreen_enable == True" - name: "Disable postscreen" include_tasks: postscreen_disable.yml when: "postfix_postscreen_enable == False" # TODO: mensajes # TODO: milter_header_checks