Introduce postfiy_type to differ between configuration types
This commit is contained in:
parent
2c432028d0
commit
237cfae5a5
4 changed files with 34 additions and 2 deletions
11
README.md
11
README.md
|
@ -8,9 +8,20 @@ Use this role to setup a Postfix mail server. It comes with the following additi
|
||||||
- optional: [OnionMX](https://github.com/ehloonion/onionmx)
|
- optional: [OnionMX](https://github.com/ehloonion/onionmx)
|
||||||
- optional: Unbound
|
- optional: Unbound
|
||||||
|
|
||||||
|
## General type of mail server configuration
|
||||||
|
|
||||||
|
You can select via the variable `postfix_type` a pre-defined set of configuraion options that best meets your needs.
|
||||||
|
- `internet`: Mail is send received directly using SMTP. TLS is enabled.
|
||||||
|
- `internal`: Mail is sent to another machine on the same network for delivery. TLS is disabled. Only listens on port 25.
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
|
### Required
|
||||||
|
|
||||||
|
| Variable | Value | Default | Note |
|
||||||
|
|--|--|--|--|
|
||||||
|
| `postfix_type` | str | `internet` | Determines how to setup Postfix. Choose `internet` or `internal` |
|
||||||
|
|
||||||
### Scope: misc
|
### Scope: misc
|
||||||
|
|
||||||
| Variable | Value | Default | Note |
|
| Variable | Value | Default | Note |
|
||||||
|
|
|
@ -11,6 +11,8 @@ postfix_daemon_dir: /usr/lib/postfix/sbin
|
||||||
postfix_default_db_type: cdb
|
postfix_default_db_type: cdb
|
||||||
postfix_dhparam_file: /etc/ssl/private/dhparam.pem
|
postfix_dhparam_file: /etc/ssl/private/dhparam.pem
|
||||||
postfix_pflogsum_mail_subject: "Mailserver Statistics"
|
postfix_pflogsum_mail_subject: "Mailserver Statistics"
|
||||||
|
postfix_myhostname: "$myorigin"
|
||||||
|
postfix_type: internet
|
||||||
|
|
||||||
tls_helper_domains_file: tls_domains
|
tls_helper_domains_file: tls_domains
|
||||||
tls_helper_postfix_dir: /var/lib/postfix/tls-helper
|
tls_helper_postfix_dir: /var/lib/postfix/tls-helper
|
||||||
|
|
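Review bot: The new `postfix_type: internet` default gives no hint of which values are accepted, and the templates compare it against the exact string `internet` (anything else selects the reduced `internal` profile), so a comment here would stop a typo from quietly selecting the wrong profile: `# Configuration profile, one of: internet, internal (see README); any other value is rendered as internal`. The `postfix_myhostname: "$myorigin"` default keeps the previously hard-coded behaviour, but it only resolves cleanly when `postfix_myorigin` is also set, since main.cf.j2 emits `myorigin` only under `{% if postfix_myorigin is defined %}`; a comment stating that dependency, or a default for `postfix_myorigin`, would make the coupling visible to whoever sets the hostname.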
|
@ -1,6 +1,8 @@
|
||||||
### {{ ansible_managed }}
|
### {{ ansible_managed }}
|
||||||
|
|
||||||
|
{% if postfix_smtp_banner is defined %}
|
||||||
smtpd_banner = {{ postfix_smtpd_banner }}
|
smtpd_banner = {{ postfix_smtpd_banner }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if postfix_debug_peer_list is defined %}
|
{% if postfix_debug_peer_list is defined %}
|
||||||
### Debug Logging
|
### Debug Logging
|
||||||
|
@ -11,11 +13,18 @@ debug_peer_list = {{ postfix_debug_peer_list | join(', ') }}
|
||||||
inet_interfaces = all
|
inet_interfaces = all
|
||||||
inet_protocols = ipv4
|
inet_protocols = ipv4
|
||||||
|
|
||||||
myhostname = $myorigin
|
myhostname = {{ postfix_myhostname }}
|
||||||
|
{% if postfix_myorigin is defined %}
|
||||||
myorigin = {{ postfix_myorigin }}
|
myorigin = {{ postfix_myorigin }}
|
||||||
|
{% endif %}
|
||||||
|
{% if postfix_mydestination is defined %}
|
||||||
mydestination = {{ postfix_mydestination | join(', ') }}
|
mydestination = {{ postfix_mydestination | join(', ') }}
|
||||||
|
{% endif %}
|
||||||
|
{% if postfix_mynetworks is defined %}
|
||||||
mynetworks = {{ postfix_mynetworks | join(', ') }}
|
mynetworks = {{ postfix_mynetworks | join(', ') }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if postfix_type == "internet" %}
|
||||||
### TLS settings
|
### TLS settings
|
||||||
tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
|
tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
|
||||||
tls_preempt_cipherlist = no
|
tls_preempt_cipherlist = no
|
||||||
|
@ -58,6 +67,7 @@ smtp_tls_fingerprint_digest = sha1
|
||||||
smtp_tls_loglevel = 1
|
smtp_tls_loglevel = 1
|
||||||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
smtp_pix_workarounds = disable_esmtp
|
smtp_pix_workarounds = disable_esmtp
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
### Domains and recipients
|
### Domains and recipients
|
||||||
{% if postfix_virtual_mailbox_domains is defined %}
|
{% if postfix_virtual_mailbox_domains is defined %}
|
||||||
|
@ -67,7 +77,6 @@ virtual_mailbox_domains =
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if postfix_virtual_mailbox_maps is defined %}
|
{% if postfix_virtual_mailbox_maps is defined %}
|
||||||
# Check for existing recipients
|
|
||||||
virtual_mailbox_maps =
|
virtual_mailbox_maps =
|
||||||
{% for map in postfix_virtual_mailbox_maps %}
|
{% for map in postfix_virtual_mailbox_maps %}
|
||||||
{{ map.type }}:{{ map.path }}
|
{{ map.type }}:{{ map.path }}
|
||||||
|
@ -132,6 +141,7 @@ smtp_sasl_password_maps =
|
||||||
smtp_sasl_security_options = noanonymous
|
smtp_sasl_security_options = noanonymous
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if postfix_type == "internet" %}
|
||||||
#### Postscreen
|
#### Postscreen
|
||||||
postscreen_access_list =
|
postscreen_access_list =
|
||||||
permit_mynetworks
|
permit_mynetworks
|
||||||
|
@ -150,7 +160,9 @@ postscreen_dnsbl_sites =
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
postscreen_dnsbl_action = drop
|
postscreen_dnsbl_action = drop
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if postfix_type == "internet" %}
|
||||||
# Postfix runs restrictions with the following order
|
# Postfix runs restrictions with the following order
|
||||||
# - smtpd_client_restriction
|
# - smtpd_client_restriction
|
||||||
# - smtpd_helo_restriction
|
# - smtpd_helo_restriction
|
||||||
|
@ -229,6 +241,7 @@ smtpd_recipient_restrictions =
|
||||||
permit_mynetworks,
|
permit_mynetworks,
|
||||||
permit_sasl_authenticated,
|
permit_sasl_authenticated,
|
||||||
reject_unverified_recipient
|
reject_unverified_recipient
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Configuration for reject_unverified_recipient
|
# Configuration for reject_unverified_recipient
|
||||||
unverified_recipient_reject_reason = User unknown / Nutzer unbekannt
|
unverified_recipient_reject_reason = User unknown / Nutzer unbekannt
|
||||||
|
@ -253,6 +266,7 @@ default_destination_concurrency_failed_cohort_limit = 10
|
||||||
|
|
||||||
header_checks = pcre:{{ postfix_conf_dir }}/header_checks
|
header_checks = pcre:{{ postfix_conf_dir }}/header_checks
|
||||||
|
|
||||||
|
{% if postfix_type == "internet" %}
|
||||||
### Spam and DKIM
|
### Spam and DKIM
|
||||||
{% if postfix_smtpd_milters is defined %}
|
{% if postfix_smtpd_milters is defined %}
|
||||||
smtpd_milters =
|
smtpd_milters =
|
||||||
|
@ -274,6 +288,7 @@ milter_connect_timeout = 20s
|
||||||
|
|
||||||
# Prevent DKIM signatures (don't allow spam header to change the signature)
|
# Prevent DKIM signatures (don't allow spam header to change the signature)
|
||||||
disable_mime_output_conversion = yes
|
disable_mime_output_conversion = yes
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
### Misc
|
### Misc
|
||||||
|
|
||||||
|
|
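Review bot: Every `{% if postfix_type == "internet" %}` guard added in this file (TLS settings, postscreen, the smtpd restrictions block, milters) fails open: any value other than the exact string `internet` — a typo, `Internet`, a trailing space — renders the stripped-down configuration with TLS and all inbound restrictions omitted, and nothing in this diff rejects such a value. Since README and defaults document only `internet` and `internal`, the value should be validated before templating, e.g. an `assert` task with `that: postfix_type in ['internet', 'internal']`, or the guards should be inverted to `{% if postfix_type != "internal" %}` so an unknown value keeps the hardened branch rather than the permissive one. Separately, the new guard `{% if postfix_smtp_banner is defined %}` tests a different variable than the line it wraps, `smtpd_banner = {{ postfix_smtpd_banner }}`: setting `postfix_smtpd_banner` never emits the line, and setting `postfix_smtp_banner` fails on an undefined variable, so the guard should read `{% if postfix_smtpd_banner is defined %}`.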
|
@ -4,9 +4,13 @@
|
||||||
# service type private unpriv chroot wakeup maxproc command + args
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
# (yes) (yes) (no) (never) (100)
|
# (yes) (yes) (no) (never) (100)
|
||||||
# ==========================================================================
|
# ==========================================================================
|
||||||
|
{% if postfix_type == "internet" %}
|
||||||
smtp inet n - y - 1 postscreen
|
smtp inet n - y - 1 postscreen
|
||||||
smtpd pass - - y - 100 smtpd
|
smtpd pass - - y - 100 smtpd
|
||||||
-o cleanup_service_name=smtpd-in
|
-o cleanup_service_name=smtpd-in
|
||||||
|
{% else %}
|
||||||
|
smtp inet n - y - - smtpd
|
||||||
|
{% endif %}
|
||||||
dnsblog unix - - y - 0 dnsblog
|
dnsblog unix - - y - 0 dnsblog
|
||||||
tlsproxy unix - - y - 0 tlsproxy
|
tlsproxy unix - - y - 0 tlsproxy
|
||||||
{% if postfix_submission is defined and postfix_submission %}
|
{% if postfix_submission is defined and postfix_submission %}
|
||||||
|
|
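Review bot: The `internal` branch's `smtp inet n - y - - smtpd` drops the `-o cleanup_service_name=smtpd-in` override that the `internet` branch applies to inbound smtpd, so inbound mail in internal mode is handed to the default `cleanup` service instead of `smtpd-in`; `smtpd-in` is defined outside this hunk so I cannot confirm what it attaches, but if it is where inbound-only filtering lives, internal mode silently loses it, and the override should be kept on both branches: `smtp inet n - y - - smtpd` followed by `-o cleanup_service_name=smtpd-in`. The `{% if postfix_submission is defined and postfix_submission %}` block at the end of the hunk sits outside the `postfix_type` switch, so the README's statement that `internal` "only listens on port 25" holds only when `postfix_submission` is unset; either nest that block under `{% if postfix_type == "internet" %}` or document the exception. `dnsblog` and `tlsproxy` remain defined in both modes although, as far as this file shows, only postscreen in the `internet` branch uses them; harmless, but a comment such as `# dnsblog/tlsproxy are only exercised by postscreen (internet mode)` would save the next reader the question.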