ansible-role-postfix/README.md

Postfix
=======

Use this role to setup a Postfix mail server. It comes with the following additions:
- [Mail-TLS-Helper](https://github.com/systemli/mail-tls-helper)
- Fail2ban
- optional: [MTA-STS-Resolver](https://github.com/Snawoot/postfix-mta-sts-resolver)
- optional: [OnionMX](https://github.com/ehloonion/onionmx)
- optional: Unbound

## General type of mail server configuration

You can select via the variable `postfix_type` a pre-defined set of configuraion options that best meets your needs.
- `internet`: Mail is send received directly using SMTP. TLS is enabled.
- `internal`: Mail is sent to another machine on the same network for delivery. TLS is disabled. Only listens on port 25.

## Variables

### Required

| Variable | Value | Default | Note |
|--|--|--|--|
| `postfix_type` | str | `internet` | Determines how to setup Postfix. Choose `internet` or `internal` |

### Scope: misc

| Variable | Value | Default | Note |
|--|--|--|--|
| `unbound_install` | bool | | `True` if you whish to install unbound |
| `postfix_onionmx` | bool | | `True` to setup OnionMX delivery |
| `postfix_tls_herlp` | bool | `True` to setup Mail-TLS-Helper |
| `postfix_mydestination` | List | | List with hostnames |
| `postfix_mynetworks` | List | | List with network addresses |

### Scope: submission

| Variable | Value | Default | Note |
|--|--|--|--|
| `postfix_submission` | bool | | Set `True` to configure submission port settings |
| `postfix_submission_smtpd_tls_cert_file` | string |  |Path to TLS cert file |
| `postfix_submission_smtpd_tls_key_file` | string | | Path to TLS key file |
| `postfix_submission_non_tls_port` | int | | Port number for an additional (internal) submission port without TLS |

### Scope: SASL Auth

| Variable | Value | Default | Note |
|--|--|--|--|
| `postfix_smtpd_sasl_type` | string | | |
| `postfix_smtpd_sasl_path` | string | | |
| `postfix_smtp_sasl_auth_enabled` | bool | `no` | |
| `postfix_smtp_sasl_auth_relay` | string | | Relay server which provides SASL-Auth |
| `postfix_smtp_sasl_auth_user` | string | | Username for SASL authentication |
| `postfix_smtp_sasl_auth_password` | string | | Password for SASL authenticatio |
Initial commit 2023-03-20 20:01:04 +01:00			`Postfix`
			`=======`

			`Use this role to setup a Postfix mail server. It comes with the following additions:`
			`- [Mail-TLS-Helper](https://github.com/systemli/mail-tls-helper)`
			`- Fail2ban`
Make Mail-TLS-Helper optional 2024-01-14 10:42:47 +01:00			`- optional: [MTA-STS-Resolver](https://github.com/Snawoot/postfix-mta-sts-resolver)`
Initial commit 2023-03-20 20:01:04 +01:00			`- optional: [OnionMX](https://github.com/ehloonion/onionmx)`
			`- optional: Unbound`
WIP: Add documentation about variables 2023-03-24 13:19:44 +01:00
Introduce postfiy_type to differ between configuration types 2023-04-19 12:10:28 +02:00			`## General type of mail server configuration`

			You can select via the variable `postfix_type` a pre-defined set of configuraion options that best meets your needs.
			- `internet`: Mail is send received directly using SMTP. TLS is enabled.
			- `internal`: Mail is sent to another machine on the same network for delivery. TLS is disabled. Only listens on port 25.
WIP: Add documentation about variables 2023-03-24 13:19:44 +01:00
			`## Variables`

Introduce postfiy_type to differ between configuration types 2023-04-19 12:10:28 +02:00			`### Required`

			`\| Variable \| Value \| Default \| Note \|`
			`\|--\|--\|--\|--\|`
			\| `postfix_type` \| str \| `internet` \| Determines how to setup Postfix. Choose `internet` or `internal` \|

WIP: Add documentation about variables 2023-03-24 13:19:44 +01:00			`### Scope: misc`

			`\| Variable \| Value \| Default \| Note \|`
			`\|--\|--\|--\|--\|`
			\| `unbound_install` \| bool \| \| `True` if you whish to install unbound \|
			\| `postfix_onionmx` \| bool \| \| `True` to setup OnionMX delivery \|
Make Mail-TLS-Helper optional 2024-01-14 10:42:47 +01:00			\| `postfix_tls_herlp` \| bool \| `True` to setup Mail-TLS-Helper \|
WIP: Add documentation about variables 2023-03-24 13:19:44 +01:00			\| `postfix_mydestination` \| List \| \| List with hostnames \|
			\| `postfix_mynetworks` \| List \| \| List with network addresses \|

			`### Scope: submission`

			`\| Variable \| Value \| Default \| Note \|`
			`\|--\|--\|--\|--\|`
			\| `postfix_submission` \| bool \| \| Set `True` to configure submission port settings \|
			\| `postfix_submission_smtpd_tls_cert_file` \| string \| \|Path to TLS cert file \|
			\| `postfix_submission_smtpd_tls_key_file` \| string \| \| Path to TLS key file \|
			\| `postfix_submission_non_tls_port` \| int \| \| Port number for an additional (internal) submission port without TLS \|

Update README with more variables 2023-05-17 21:32:45 +02:00			`### Scope: SASL Auth`

			`\| Variable \| Value \| Default \| Note \|`
			`\|--\|--\|--\|--\|`
			\| `postfix_smtpd_sasl_type` \| string \| \| \|
			\| `postfix_smtpd_sasl_path` \| string \| \| \|
Fix variable names for SASL Auth 2023-06-14 16:14:29 +02:00			\| `postfix_smtp_sasl_auth_enabled` \| bool \| `no` \| \|
			\| `postfix_smtp_sasl_auth_relay` \| string \| \| Relay server which provides SASL-Auth \|
			\| `postfix_smtp_sasl_auth_user` \| string \| \| Username for SASL authentication \|
			\| `postfix_smtp_sasl_auth_password` \| string \| \| Password for SASL authenticatio \|