From 5ef68a7f78fc8bdc9f2daec814c1e7dc8404a412 Mon Sep 17 00:00:00 2001 From: phil Date: Fri, 24 Mar 2023 12:45:45 +0100 Subject: [PATCH] Rename variable to make it's purpose clearer --- tasks/postfix.yml | 2 ++ templates/postfix/main.cf.j2 | 24 ++++++++++++------------ templates/postfix/master.cf | 8 ++++---- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/tasks/postfix.yml b/tasks/postfix.yml index f981469..8702b17 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -47,6 +47,7 @@ - sender_checks - transport_global_exceptions - transport_relay + - virtual_domains notify: reload postfix - name: "Postfix | Run postmap" @@ -63,6 +64,7 @@ - file: relay_checks - file: sender_checks - file: transport_relay + - file: virtual_domains - name: "Postfix | Create dhparam file" community.crypto.openssl_dhparam: diff --git a/templates/postfix/main.cf.j2 b/templates/postfix/main.cf.j2 index 1ef3067..0f68ff0 100644 --- a/templates/postfix/main.cf.j2 +++ b/templates/postfix/main.cf.j2 @@ -128,7 +128,7 @@ smtp_sasl_security_options = noanonymous #### Postscreen postscreen_access_list = permit_mynetworks - cidr:/etc/postfix/conf.d/postscreen_access.cidr + cidr:{{ postfix_conf_dir }}/postscreen_access.cidr postscreen_blacklist_action = drop # Pregreeting @@ -157,7 +157,7 @@ smtpd_restriction_classes = permit_login_mismatch smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, - check_client_access cdb:/etc/postfix/conf.d/client_checks, + check_client_access cdb:{{ postfix_conf_dir }}/client_checks, reject_unknown_client_hostname, permit 
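Review bot: The new `- virtual_domains` loop entry, and the matching `- file: virtual_domains` in the "Postfix | Run postmap" hunk, have no counterpart elsewhere in this commit. The diffstat lists only three files, so no template source for the table is added, and none of the main.cf.j2 hunks reference it. If the source does not already exist in the role, the templating task would presumably fail on the missing file; if it does, the map is built but may be unused unless a parameter outside these hunks points at it. Both task bodies start outside the hunks, so the source path and the postmap type are not visible here. As the subject line announces only a rename, a comment on the entry would help, e.g. `# virtual_domains: consumed by <main.cf parameter>`, or the addition could go in its own commit.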
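Review bot: `{{ postfix_conf_dir }}` in `postscreen_access_list` and `check_client_access` is interpolated with no default or validation visible in this commit; the same applies to every other replaced path in main.cf.j2 and to the two `header_checks` overrides in master.cf. These paths select the access and header tables that the restriction lists enforce. A value that differs from the directory the tasks in tasks/postfix.yml deploy and postmap into leaves Postfix pointing at missing tables, and a value containing whitespace or a comma would split the restriction list. If the role does not already define it, add `postfix_conf_dir: /etc/postfix/conf.d` to the role defaults and check it before templating with an assert such as `postfix_conf_dir is match('^/[A-Za-z0-9._/-]+$')`. The directory should also stay writable by root only, since whoever can edit these tables can change what the server accepts or relays.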
@@ -168,28 +168,28 @@ smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, - check_helo_access pcre:/etc/postfix/conf.d/helo_checks, + check_helo_access pcre:{{ postfix_conf_dir }}/helo_checks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit smtpd_sender_restrictions = permit_mynetworks, - check_sender_access cdb:/etc/postfix/conf.d/sender_checks, + check_sender_access cdb:{{ postfix_conf_dir }}/sender_checks, reject_non_fqdn_sender, reject_unknown_sender_domain, - check_sender_mx_access cidr:/etc/postfix/conf.d/bogus_mx, + check_sender_mx_access cidr:{{ postfix_conf_dir }}/bogus_mx, #Uncomment the next two lines to block mails from other servers with our domain as MAIL FROM #permit_sasl_authenticated, - #check_sender_access hash:/etc/postfix/conf.d/sender_checks_domain, + #check_sender_access hash:{{ postfix_conf_dir }}/sender_checks_domain, permit {% if postfix_submission is defined and postfix_submission %} # Restrictions for submission port mua_sender_restrictions = - check_sasl_access cdb:/etc/postfix/conf.d/permit_sasl_login_mismatch, + check_sasl_access cdb:{{ postfix_conf_dir }}/permit_sasl_login_mismatch, permit_mynetworks, - check_sender_access cdb:/etc/postfix/conf.d/sender_checks, + check_sender_access cdb:{{ postfix_conf_dir }}/sender_checks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_sender_login_mismatch, @@ -204,13 +204,13 @@ permit_login_mismatch = {% if postfix_submission is defined and postfix_submission %} submission_bad_smtp_user_check = - check_sasl_access cdb:/etc/postfix/conf.d/bad_smtp_auth_users + check_sasl_access cdb:{{ postfix_conf_dir }}/bad_smtp_auth_users {% endif %} smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, - check_client_access cdb:/etc/postfix/conf.d/relay_checks, + check_client_access cdb:{{ postfix_conf_dir }}/relay_checks, reject_unauth_destination smtpd_recipient_restrictions = 
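Review bot: The commented-out `#check_sender_access hash:{{ postfix_conf_dir }}/sender_checks_domain` line in `smtpd_sender_restrictions` still uses the `hash:` map type, while every active table in these hunks is `cdb:`, `pcre:` or `cidr:`. An operator who follows the "Uncomment the next two lines" instruction, to reject outside mail that claims a local sender domain, would need a Berkeley DB map that the role may not build. The check would then fail with a table error instead of enforcing the block. Since the line is being touched anyway, consider `#check_sender_access cdb:{{ postfix_conf_dir }}/sender_checks_domain,` and confirm that `sender_checks_domain` is in the template and postmap lists, which are only partly visible in this diff.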
@@ -227,7 +227,7 @@ unverified_recipient_reject_code = 550 smtpd_data_restrictions = reject_multi_recipient_bounce, - check_recipient_access pcre:/etc/postfix/conf.d/header_add, + check_recipient_access pcre:{{ postfix_conf_dir }}/header_add, ### Connection limits smtpd_client_connection_rate_limit = 100 @@ -240,7 +240,7 @@ default_destination_rate_delay = 60s default_destination_recipient_limit = 1 default_destination_concurrency_failed_cohort_limit = 10 -header_checks = pcre:/etc/postfix/conf.d/header_checks +header_checks = pcre:{{ postfix_conf_dir }}/header_checks ### Spam and DKIM {% if postfix_smtpd_milters is defined %} diff --git a/templates/postfix/master.cf b/templates/postfix/master.cf index 1e9951a..dbce963 100644 --- a/templates/postfix/master.cf +++ b/templates/postfix/master.cf @@ -38,8 +38,8 @@ submission inet n - y - - smtpd {% endif %} -o smtpd_sender_restrictions=$mua_sender_restrictions -o cleanup_service_name=subclean -{% if postfix_submission_alternative_port is defined %} -{{ postfix_submission_alternative_port }} inet n - y - - smtpd +{% if postfix_submission_non_tls_port is defined %} +{{ postfix_submission_non_tls_port }} inet n - y - - smtpd -o syslog_name=postfix/submission-local -o smtpd_tls_security_level=none -o smtpd_client_restrictions=permit_mynetworks,reject @@ -82,9 +82,9 @@ postlog unix-dgram n - n - 1 postlogd # Outbound: Remove sensible headers subclean unix n - y - 0 cleanup - -o header_checks=regexp:/etc/postfix/conf.d/header_treatment + -o header_checks=regexp:{{ postfix_conf_dir }}/header_treatment # Inbound: Remove some headers smtpd-in unix n - y - 0 cleanup -o syslog_name=postfix/smtpd-in - -o header_checks=pcre:/etc/postfix/conf.d/header_checks_inbound + -o header_checks=pcre:{{ postfix_conf_dir }}/header_checks_inbound
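Review bot: Renaming the guard in master.cf to `postfix_submission_non_tls_port` means inventories that still set `postfix_submission_alternative_port` silently lose this listener on the next run, with no task failure to flag it. A transitional fallback keeps them working: `{% if postfix_submission_non_tls_port is defined or postfix_submission_alternative_port is defined %}`, with the port taken from `{{ postfix_submission_non_tls_port | default(postfix_submission_alternative_port) }}`. Because the service sets `smtpd_tls_security_level=none`, it is also worth confirming that SASL is not offered on it in clear text, for example with `-o smtpd_sasl_auth_enable=no`, if that is not already among the options that continue below the hunk. Access then rests entirely on `permit_mynetworks,reject`, so `mynetworks` should be kept narrow.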