Postfix

Use this role to setup a Postfix mail server. It comes with the following additions:

• Mail-TLS-Helper
• Fail2ban
• optional: MTA-STS-Resolver
• optional: OnionMX
• optional: Unbound

General type of mail server configuration

You can select via the variable postfix_type a pre-defined set of configuraion options that best meets your needs.

• internet: Mail is send received directly using SMTP. TLS is enabled.
• internal: Mail is sent to another machine on the same network for delivery. TLS is disabled. Only listens on port 25.

Variables

Required

Variable	Value	Default	Note
postfix_type	str	internet	Determines how to setup Postfix. Choose internet or internal

Scope: misc

Variable	Value	Default	Note
unbound_install	bool		True if you whish to install unbound
postfix_onionmx	bool		True to setup OnionMX delivery
postfix_tls_herlp	bool	True to setup Mail-TLS-Helper
postfix_mydestination	List		List with hostnames
postfix_mynetworks	List		List with network addresses

Scope: submission

Variable	Value	Default	Note
postfix_submission	bool		Set True to configure submission port settings
postfix_submission_smtpd_tls_cert_file	string		Path to TLS cert file
postfix_submission_smtpd_tls_key_file	string		Path to TLS key file
postfix_submission_non_tls_port	int		Port number for an additional (internal) submission port without TLS

Scope: SASL Auth

Variable	Value	Default	Note
postfix_smtpd_sasl_type	string
postfix_smtpd_sasl_path	string
postfix_smtp_sasl_auth_enabled	bool	no
postfix_smtp_sasl_auth_relay	string		Relay server which provides SASL-Auth
postfix_smtp_sasl_auth_user	string		Username for SASL authentication
postfix_smtp_sasl_auth_password	string		Password for SASL authenticatio