#!/bin/bash #postconf -M smtpd/pass #postconf -Fh smtp/inet/private smtp/inet/unprivileged smtp/inet/chroot smtp/inet/wakeup smtp/inet/process_limit smtp/inet/command #postconf -M smtp/inet #postconf -M tlsproxy/unix #postconf -M dnsblog/unix #postconf -h postscreen_access_list #postconf -h postscreen_dnsbl_sites #postconf -h postscreen_dnsbl_reply_map #postconf -h postscreen_dnsbl_action #postconf -h postscreen_blacklist_action #postconf -h postscreen_dnsbl_whitelist_threshold #postconf -h postscreen_greet_action #postconf -h postscreen_greet_wait # NOT SUPPORTED: #postconf -h postscreen_bare_newline_enable #postconf -h postscreen_non_smtp_command_enable #postconf -h postscreen_pipelining_enable #postconf -h postscreen_bare_newline_action #postconf -h postscreen_dnsbl_threshold #postconf -h postscreen_non_smtp_command_action #postconf -h postscreen_pipelining_action {{ if eq (getv "/postscreen/enable") "yes"}} postconf -M smtpd/pass="smtpd pass - - n - - smtpd" postconf -F smtpd/pass/private=- \ smtpd/pass/unprivileged=- \ smtpd/pass/chroot=n \ smtpd/pass/wakeup=- \ smtpd/pass/process_limit=- \ smtpd/pass/command="smtpd" postconf -F smtp/inet/private=n \ smtp/inet/unprivileged=- \ smtp/inet/chroot=n \ smtp/inet/wakeup=- \ smtp/inet/process_limit=1 \ smtp/inet/command="postscreen" postconf -M tlsproxy/unix="tlsproxy unix - - n - 0 tlsproxy" postconf -F tlsproxy/unix/private=- \ tlsproxy/unix/unprivileged=- \ tlsproxy/unix/chroot=n \ tlsproxy/unix/wakeup=- \ tlsproxy/unix/process_limit=0 \ tlsproxy/unix/command="tlsproxy" postconf -M dnsblog/unix="dnsblog unix - - n - 0 dnsblog" postconf -F dnsblog/unix/private=- \ dnsblog/unix/unprivileged=- \ dnsblog/unix/chroot=n \ dnsblog/unix/wakeup=- \ dnsblog/unix/process_limit=0 \ dnsblog/unix/command="dnsblog" postconf -P smtpd/pass/content_filter=spamfilter # FIXME: template tables instead of creating empty files touch /etc/postfix/rules/postscreen_access_list.cidr touch /etc/postfix/rules/postscreen_dnsbl_mask.pcre # main.cf options # FIXME: allow un-setting options by blanking variable values {{ with getv "/postscreen/access/list" }}postconf -e postscreen_access_list='{{.}}'{{ end }} {{ with getv "/postscreen/blacklist/action" }}postconf -e postscreen_blacklist_action='{{.}}'{{ end }} {{ with getv "/postscreen/dnsbl/sites" }}postconf -e postscreen_dnsbl_sites='{{.}}'{{ end }} {{ with getv "/postscreen/dnsbl/reply/map" }}postconf -e postscreen_dnsbl_reply_map='{{.}}'{{ end }} {{ with getv "/postscreen/dnsbl/action" }}postconf -e postscreen_dnsbl_action='{{.}}'{{ end }} {{ with getv "/postscreen/dnsbl/threshold" }}postconf -e postscreen_dnsbl_threshold='{{.}}'{{ end }} {{ with getv "/postscreen/dnsbl/whitelist/threshold" }}postconf -e postscreen_dnsbl_whitelist_threshold='{{.}}'{{ end }} {{ with getv "/postscreen/greet/action" }}postconf -e postscreen_greet_action='{{.}}'{{ end }} {{ else }} # disable postscreen postconf -M# smtpd/pass postconf -F smtp/inet/private=n \ smtp/inet/unprivileged=- \ smtp/inet/chroot=n \ smtp/inet/wakeup=- \ smtp/inet/process_limit=- \ smtp/inet/command="smtpd" postconf -P smtp/inet/content_filter=spamfilter postconf -M# dnsblog/unix {{ end }} # TODO: access list: # # Ansible-generated postscreen CIDR access table. You can change this # # file by setting the host variable `postfix_postscreen_access_list` # {% for entry in postfix_postscreen_access_list -%} # { { entry.address } } { { entry.action } } # {% endfor %} # TODO: reply map: # # postscreen reply map, matching entries will be replaced # # with the resulting text when telling the source of DNS # # blacklisting to the remote client. # # used to mask passwords contained in dnsbl names # # edit this file by setting the "mask" option for items # # in the host variable postfix_postscreen_dnsbl_sites # {% for entry in postfix_postscreen_dnsbl_sites -%} # {% if entry is mapping -%}{% if entry.mask is defined -%} # {% if entry.mask is string and entry.mask != "" -%} # /^{ { entry.site } }$/ { { entry.mask } } # {% else %} # /^{ { entry.site } }$/ dnsbl blacklist # {% endif %}{% endif %}{% endif %}{% endfor %}