Introduce postfix_type to differentiate between configuration types
parent
2c432028d0
commit
237cfae5a5
4 changed files with 34 additions and 2 deletions
|
@ -1,6 +1,8 @@
|
|||
### {{ ansible_managed }}
|
||||
|
||||
{% if postfix_smtp_banner is defined %}
|
||||
smtpd_banner = {{ postfix_smtpd_banner }}
|
||||
{% endif %}
|
||||
|
||||
{% if postfix_debug_peer_list is defined %}
|
||||
### Debug Logging
|
||||
|
@ -11,11 +13,18 @@ debug_peer_list = {{ postfix_debug_peer_list | join(', ') }}
|
|||
inet_interfaces = all
|
||||
inet_protocols = ipv4
|
||||
|
||||
myhostname = $myorigin
|
||||
myhostname = {{ postfix_myhostname }}
|
||||
{% if postfix_myorigin is defined %}
|
||||
myorigin = {{ postfix_myorigin }}
|
||||
{% endif %}
|
||||
{% if postfix_mydestination is defined %}
|
||||
mydestination = {{ postfix_mydestination | join(', ') }}
|
||||
{% endif %}
|
||||
{% if postfix_mynetworks is defined %}
|
||||
mynetworks = {{ postfix_mynetworks | join(', ') }}
|
||||
{% endif %}
|
||||
|
||||
{% if postfix_type == "internet" %}
|
||||
### TLS settings
|
||||
tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
|
||||
tls_preempt_cipherlist = no
|
||||
|
@ -58,6 +67,7 @@ smtp_tls_fingerprint_digest = sha1
|
|||
smtp_tls_loglevel = 1
|
||||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||
smtp_pix_workarounds = disable_esmtp
|
||||
{% endif %}
|
||||
|
||||
### Domains and recipients
|
||||
{% if postfix_virtual_mailbox_domains is defined %}
|
||||
|
@ -67,7 +77,6 @@ virtual_mailbox_domains =
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if postfix_virtual_mailbox_maps is defined %}
|
||||
# Check for existing recipients
|
||||
virtual_mailbox_maps =
|
||||
{% for map in postfix_virtual_mailbox_maps %}
|
||||
{{ map.type }}:{{ map.path }}
|
||||
|
@ -132,6 +141,7 @@ smtp_sasl_password_maps =
|
|||
smtp_sasl_security_options = noanonymous
|
||||
{% endif %}
|
||||
|
||||
{% if postfix_type == "internet" %}
|
||||
#### Postscreen
|
||||
postscreen_access_list =
|
||||
permit_mynetworks
|
||||
|
@ -150,7 +160,9 @@ postscreen_dnsbl_sites =
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
postscreen_dnsbl_action = drop
|
||||
{% endif %}
|
||||
|
||||
{% if postfix_type == "internet" %}
|
||||
# Postfix runs restrictions with the following order
|
||||
# - smtpd_client_restriction
|
||||
# - smtpd_helo_restriction
|
||||
|
@ -229,6 +241,7 @@ smtpd_recipient_restrictions =
|
|||
permit_mynetworks,
|
||||
permit_sasl_authenticated,
|
||||
reject_unverified_recipient
|
||||
{% endif %}
|
||||
|
||||
# Configuration for reject_unverified_recipient
|
||||
unverified_recipient_reject_reason = User unknown / Nutzer unbekannt
|
||||
|
@ -253,6 +266,7 @@ default_destination_concurrency_failed_cohort_limit = 10
|
|||
|
||||
header_checks = pcre:{{ postfix_conf_dir }}/header_checks
|
||||
|
||||
{% if postfix_type == "internet" %}
|
||||
### Spam and DKIM
|
||||
{% if postfix_smtpd_milters is defined %}
|
||||
smtpd_milters =
|
||||
|
@ -274,6 +288,7 @@ milter_connect_timeout = 20s
|
|||
|
||||
# Prevent DKIM signatures (don't allow spam header to change the signature)
|
||||
disable_mime_output_conversion = yes
|
||||
{% endif %}
|
||||
|
||||
### Misc
|
||||
|
||||
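Review bot: The guard at the top of the first hunk tests `postfix_smtp_banner`, but the line it protects renders `postfix_smtpd_banner`, so the two names never agree. With only `postfix_smtpd_banner` set, the banner line is silently skipped and Postfix falls back to its default banner, which announces the mail software name. With only `postfix_smtp_banner` set, rendering would fail on an undefined variable under Ansible's default undefined-variable handling. The +/- markers are lost on this page, so whether the guard is new in this commit is inferred from the hunk growing by two lines. Use one name in both places: `{% if postfix_smtpd_banner is defined %}`.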
|
|
|
@ -4,9 +4,13 @@
|
|||
# service type private unpriv chroot wakeup maxproc command + args
|
||||
# (yes) (yes) (no) (never) (100)
|
||||
# ==========================================================================
|
||||
{% if postfix_type == "internet" %}
|
||||
smtp inet n - y - 1 postscreen
|
||||
smtpd pass - - y - 100 smtpd
|
||||
-o cleanup_service_name=smtpd-in
|
||||
{% else %}
|
||||
smtp inet n - y - - smtpd
|
||||
{% endif %}
|
||||
dnsblog unix - - y - 0 dnsblog
|
||||
tlsproxy unix - - y - 0 tlsproxy
|
||||
{% if postfix_submission is defined and postfix_submission %}
|
||||
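Review bot: The `{% else %}` branch gives every `postfix_type` other than the exact string "internet" a plain `smtpd` on the `smtp` inet service, so a misspelled value fails open into the least protected layout. On this page main.cf keeps `inet_interfaces = all` unconditional, while the TLS settings, postscreen and the smtpd restriction lists are now emitted only for "internet". That listener would therefore run on every interface with Postfix's built-in defaults. If the non-internet type is meant for hosts that only hand off locally generated mail, bind it to loopback in main.cf, for example `inet_interfaces = {{ 'all' if postfix_type == 'internet' else 'loopback-only' }}`, and have the role reject unknown `postfix_type` values before templating. The set of valid types is not visible here, so confirm this against the role defaults.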
|
|