
---
# - name: "Load default config for domains"
# set_fact:
# dc: "{{ dc|default({})|combine( { item: {
# 'user_lookup': {
# 'provider': 'file',
# 'file': vmail_home +'/'+item+'_users',
# 'domain': item,
# 'server_host': postfix_ldap_server,
# 'server_port': postfix_ldap_port,
# 'version': postfix_ldap_version,
# 'scope': postfix_ldap_scope,
# 'bind': postfix_ldap_bind,
# 'bind_dn': postfix_ldap_bind_dn,
# 'bind_pw': postfix_ldap_bind_pw,
# 'start_tls': postfix_ldap_start_tls,
# 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
# 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
# 'search_base':
# 'ou=People,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
# 'query_filter': '(&(objectClass=inetOrgPerson)(uid=%u))',
# 'result_attribute': 'uid',
# 'result_format': vmail_home+'/mail/'+item+'/%s/',
# 'dbpath': vmail_home+'/'+item+'_users.sqlite',
# 'query': postfix_sqlite_user_query
# },
# 'users': [],
# 'alias_lookup': {
# 'provider': 'file',
# 'file': vmail_home +'/'+item+'_aliases',
# 'domain': item,
# 'server_host': postfix_ldap_server,
# 'server_port': postfix_ldap_port,
# 'version': postfix_ldap_version,
# 'scope': postfix_ldap_scope,
# 'bind': postfix_ldap_bind,
# 'bind_dn': postfix_ldap_bind_dn,
# 'bind_pw': postfix_ldap_bind_pw,
# 'start_tls': postfix_ldap_start_tls,
# 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
# 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
# 'search_base':
# 'ou=Alias,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
# 'query_filter': '(&(objectClass=nisMailAlias)(cn=%u))',
# 'result_attribute': 'rfc822MailMember',
# 'result_format': '%s',
# 'dbpath': vmail_home+'/'+item+'_aliases.sqlite',
# 'query': postfix_sqlite_alias_query
# },
# 'aliases': [],
# 'use_group_as_alias': postfix_ldap_use_group_alias,
# 'group_lookup': {
# 'provider': 'ldap',
# 'domain': item,
# 'server_host': postfix_ldap_server,
# 'server_port': postfix_ldap_port,
# 'version': postfix_ldap_version,
# 'scope': postfix_ldap_scope,
# 'bind': postfix_ldap_bind,
# 'bind_dn': postfix_ldap_bind_dn,
# 'bind_pw': postfix_ldap_bind_pw,
# 'start_tls': postfix_ldap_start_tls,
# 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
# 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
# 'search_base':
# 'ou=Group,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
# 'query_filter': '(&(objectClass=posixGroup)(cn=%u))',
# 'result_attribute': 'memberUid',
# 'result_format': '%s@{{d}}',
# },
# 'noreply_aliases': [ 'noreply' ],
# 'noreply_file': vmail_home +'/'+item+'_noreply',
# } }, recursive=True) }}"
# with_items: "{{ postfix_mail_domains }}"
# - name: "Override config for domains"
# set_fact:
# dc: '{{ dc | combine(postfix_domain_config, recursive=True) }}'
- name: Instalar Postfix
  # The MTA itself plus the lookup-table backends this role's maps rely on:
  # pcre (regex tables), ldap and sqlite (directory-backed user/alias lookups).
  apt:
    state: present
    name: [postfix, postfix-pcre, postfix-ldap, postfix-sqlite]
  notify: restart postfix
- name: Servicio delivery+auth mediante Dovecot
  # Installs the Dovecot snippet that, per the task name, makes Dovecot the
  # delivery and SASL backend for Postfix. main.cf below points at
  # private/dovecot-lmtp and private/auth, so this file presumably declares
  # those sockets — verify against files/11-postfix.conf.
  copy:
    dest: /etc/dovecot/conf.d/11-postfix.conf
    src: 11-postfix.conf
  notify: restart dovecot
- name: Configurar lookup tables
  # Renders the per-domain user/alias tables once per mail domain; the
  # included file sees the current domain name as `domain`. Note that
  # postfix_mail_domains is treated as a mapping keyed by domain here.
  include_tasks: lookup_tables.yml
  loop_control:
    loop_var: domain
  loop: "{{ postfix_mail_domains.keys() | list }}"
- name: Alias local para usuario no-reply
  # Local sink alias: anything delivered to `_dev_null` is discarded. The
  # per-domain *_noreply tables in virtual_alias_maps presumably resolve to
  # this address — confirm in lookup_tables.yml.
  blockinfile:
    path: /etc/aliases
    marker: "# {mark} ANSIBLE-MANAGED ALIASES"
    block: |
      _dev_null: /dev/null
  notify: newaliases
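- name: Directorio de reglas para access lists
  # Holds the client/helo/recipient/sender access tables rendered below.
  # Ownership and mode are set explicitly: with only `state: directory` the
  # permissions come from the remote umask, which on a hardened host can leave
  # the tables unreadable to the Postfix daemons or, with a lax umask,
  # group-writable by whoever shares root's group.
  file:
    path: "{{ postfix_rules_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0755"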
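- name: Template client access list
  # One `<regex> <action>` line per entry of postfix_client_access_list.
  # NOTE(review): unlike the helo/recipient/sender lists this task does not
  # notify `postmap access lists`. That is only correct if the table is used as
  # a regexp:/pcre: map (the `regex` field suggests so) — confirm against the
  # restriction settings that reference it.
  blockinfile:
    path: "{{ postfix_rules_dir }}/client_access_list"
    create: true
    # Explicit mode instead of whatever the remote umask yields: Postfix must
    # be able to read the table and nobody but root may edit it.
    mode: "0644"
    block: |
      # Edit host variable `postfix_client_access_list` to change these values
      {% for entry in postfix_client_access_list -%}
      {{ entry.regex }} {{ entry.action }}
      {% endfor %}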
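- name: Template helo access list
  # One `<host> <action>` line per entry of postfix_helo_access_list; the
  # handler rebuilds the indexed map after any change.
  blockinfile:
    path: "{{ postfix_rules_dir }}/helo_access_list"
    create: true
    # Explicit mode instead of whatever the remote umask yields: Postfix must
    # be able to read the table and nobody but root may edit it.
    mode: "0644"
    block: |
      # Edit host variable `postfix_helo_access_list` to change these values
      {% for entry in postfix_helo_access_list -%}
      {{ entry.host }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists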
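- name: Template recipient access list
  # One `<recipient> <action>` line per entry of postfix_recipient_access_list;
  # the handler rebuilds the indexed map after any change.
  blockinfile:
    path: "{{ postfix_rules_dir }}/recipient_access_list"
    create: true
    # Explicit mode instead of whatever the remote umask yields: Postfix must
    # be able to read the table and nobody but root may edit it.
    mode: "0644"
    block: |
      # Edit host variable `postfix_recipient_access_list` to change these values
      {% for entry in postfix_recipient_access_list -%}
      {{ entry.rcpt }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists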
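- name: Template sender access list
  # One `<sender> <action>` line per entry of postfix_sender_access_list; the
  # handler rebuilds the indexed map after any change.
  blockinfile:
    path: "{{ postfix_rules_dir }}/sender_access_list"
    create: true
    # Explicit mode instead of whatever the remote umask yields: Postfix must
    # be able to read the table and nobody but root may edit it.
    mode: "0644"
    block: |
      # Edit host variable `postfix_sender_access_list` to change these values
      {% for entry in postfix_sender_access_list -%}
      {{ entry.sender }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists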
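- name: Configurar main.cf
  # Global Postfix settings (main.cf) written through the custom `postconf`
  # module. Postfix naming convention this block depends on: `smtp_*`
  # parameters configure the SMTP *client* (mail this host sends out),
  # `smtpd_*` parameters configure the SMTP *server* (mail this host receives).
  postconf:
    parameter:
      # Domains delivered locally: the unix domains plus this host's own names,
      # minus anything served as a virtual mailbox domain (a domain must not be
      # listed in both mydestination and virtual_mailbox_domains).
      mydestination: >-
        {{ postfix_unix_domains |
        union( [ ansible_fqdn, 'localhost.localdomain', 'localhost'] ) |
        difference( postfix_mail_domains ) }}
      myhostname: "{{ postfix_server_name }}"
      mydomain: "{{ postfix_server_domain }}"
      # Loopback (IPv4, IPv4-mapped IPv6 and ::1) is always trusted. Every other
      # network that may relay through this host must be opted in explicitly
      # through postfix_local_networks.
      mynetworks: >-
        {{ ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128'] |
        union( postfix_local_networks ) }}
      # Per domain: one alias table chosen by alias_lookup.provider (optionally
      # an LDAP group table as well) plus the domain's no-reply table. File
      # names must match what lookup_tables.yml generates.
      # NOTE(review): use_group_as_alias is read from alias_lookup here, while
      # the commented-out draft above kept it at domain level — make sure
      # postfix_domain_config and its defaults agree on the location.
      virtual_alias_maps: >-
        {% for d in postfix_mail_domains %}
        {% set p = postfix_domain_config[d].alias_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_alias.cf
        {% if postfix_domain_config[d].alias_lookup.use_group_as_alias|default(postfix_ldap_use_group_alias) %},
        ldap:/etc/postfix/{{ d }}_ldap_group.cf
        {% endif %}
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{d}}_sqlite_alias.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_aliases
        {% endif %}, /etc/postfix/{{ d }}_noreply
        {{ '' if loop.last else ',' }}{% endfor %}
      # Per domain: one mailbox table chosen by user_lookup.provider.
      virtual_mailbox_maps: >-
        {% for d in postfix_mail_domains %}
        {% set p = postfix_domain_config[d].user_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_user.cf
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{ d }}_sqlite_user.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_users
        {% endif %}{{ '' if loop.last else ',' }}{% endfor %}
      # Virtual mailboxes are handed to Dovecot over its LMTP socket.
      virtual_transport: lmtp:unix:private/dovecot-lmtp
      # `| list` yields the domain names whether postfix_mail_domains is a
      # mapping keyed by domain (as the lookup_tables loop assumes) or a plain
      # list; rendering a mapping directly would emit its whole structure.
      virtual_mailbox_domains: "{{ postfix_mail_domains | list }}"
      # SASL via Dovecot's auth socket; Postfix expects the literal strings
      # yes/no here, hence the quoting.
      smtpd_sasl_path: private/auth
      smtpd_sasl_type: dovecot
      smtpd_sasl_auth_enable: "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
      smtpd_tls_cert_file: "{{ postfix_tls_certificate }}"
      smtpd_tls_key_file: "{{ postfix_tls_private_key }}"
      # Incoming (server) policy goes to smtpd_*, outgoing (client) policy to
      # smtp_*. The previous version had the two variables crossed, so the
      # "incoming" setting silently governed outbound mail and vice versa.
      smtpd_tls_security_level: "{{ postfix_incoming_tls_security }}"
      smtp_tls_security_level: "{{ postfix_outgoing_tls_security }}"
      # smtpd_tls_auth_only=yes means AUTH is neither offered nor accepted on
      # unencrypted connections. It may only be "no" when insecure auth is
      # explicitly allowed; the previous version had the condition inverted and
      # permitted plaintext credentials unless insecure auth was *enabled*.
      smtpd_tls_auth_only: "{{ 'no' if postfix_allow_insecure_auth else 'yes' }}"
      # An empty value leaves the session cache disabled.
      smtpd_tls_session_cache_database: "{{ 'btree:${data_directory}/smtpd_scache' if postfix_tls_session_cache else '' }}"
      # Restriction lists are supplied wholesale by the host variables; the
      # submission service below overrides smtpd_client_restrictions.
      smtpd_client_restrictions: "{{ postfix_client_restrictions }}"
      smtpd_data_restrictions: "{{ postfix_data_restrictions }}"
      smtpd_helo_restrictions: "{{ postfix_helo_restrictions }}"
      smtpd_relay_restrictions: "{{ postfix_relay_restrictions }}"
      smtpd_recipient_restrictions: "{{ postfix_recipient_restrictions }}"
      message_size_limit: "{{ postfix_message_size_limit }}"
      smtpd_helo_required: "{{ 'yes' if postfix_helo_required else 'no' }}"
      biff: "{{ 'yes' if postfix_biff else 'no' }}"
  notify: reload postfix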
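- name: "Enable submission service"
  # master.cf entry for the submission port. Clients must STARTTLS first
  # (security_level=encrypt) and then authenticate; unauthenticated clients are
  # rejected regardless of the global smtpd_client_restrictions.
  postconf:
    service: submission
    type: inet
    # master.cf wants the literal character; unquoted `n` would parse as false.
    private: 'n'
    command: smtpd
    parameter:
      milter_macro_daemon_name: ORIGINATING
      smtpd_client_restrictions:
        - permit_sasl_authenticated
        - reject
      smtpd_sasl_auth_enable: 'yes'
      smtpd_tls_security_level: encrypt
      syslog_name: postfix/submission
  notify: reload postfix
  # `| bool` accepts true/yes/"true" and friends; the previous `== True`
  # comparison matched nothing when the variable arrived as a string.
  when: postfix_submission_enable | bool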
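- name: "Disable submission service"
  # Removes the submission entry from master.cf. Evaluated with `| bool` so
  # that string-valued settings ("no", "false") are handled the same way as
  # real booleans instead of matching neither this task nor the enable task.
  postconf:
    service: submission
    type: inet
    state: absent
  notify: reload postfix
  when: not (postfix_submission_enable | bool)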
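- name: "Enable postscreen"
  # `| bool` accepts true/yes/"true" and friends; a plain `== True` comparison
  # silently skips the task when the variable arrives as a string.
  include_tasks: postscreen.yml
  when: postfix_postscreen_enable | bool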
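- name: "Disable postscreen"
  # Complement of the enable task, evaluated with `| bool` for the same reason:
  # string-valued settings must select exactly one of the two tasks.
  include_tasks: postscreen_disable.yml
  when: not (postfix_postscreen_enable | bool)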
# TODO: mensajes (message-handling settings; not implemented yet)
# TODO: milter_header_checks