From 8df0ffd7e2764c00078eb5e81cbf829d6f233df8 Mon Sep 17 00:00:00 2001 From: phil Date: Wed, 19 Apr 2023 12:47:39 +0200 Subject: [PATCH] Introduce more configuration variables --- defaults/main.yml | 5 +++ tasks/postfix.yml | 2 + .../postfix/conf.d/authorized_submit_users.j2 | 7 ++++ templates/postfix/conf.d/canonical.j2 | 7 ++++ templates/postfix/conf.d/sender_canonical.j2 | 7 ++++ templates/postfix/main.cf.j2 | 37 +++++++++++++++++-- 6 files changed, 61 insertions(+), 4 deletions(-) create mode 100644 templates/postfix/conf.d/authorized_submit_users.j2 create mode 100644 templates/postfix/conf.d/canonical.j2 create mode 100644 templates/postfix/conf.d/sender_canonical.j2 diff --git a/defaults/main.yml b/defaults/main.yml index dc7fc4f..7d4fdbd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -12,7 +12,12 @@ postfix_default_db_type: cdb postfix_dhparam_file: /etc/ssl/private/dhparam.pem postfix_pflogsum_mail_subject: "Mailserver Statistics" postfix_myhostname: "$myorigin" +postfix_relayhost: "" postfix_type: internet +postfix_alias_maps: + - path: "/etc/aliases" + type: hash + tls_helper_domains_file: tls_domains tls_helper_postfix_dir: /var/lib/postfix/tls-helper diff --git a/tasks/postfix.yml b/tasks/postfix.yml index 0aad824..ae3d703 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -36,6 +36,7 @@ loop: - bad_smtp_auth_users - bogus_mx + - canonical - client_checks - destination_limit - header_add @@ -45,6 +46,7 @@ - postscreen_access - relay_by_sender - relay_checks + - sender_canonical - sender_checks - smtp_sasl_auth_password - transport_global_exceptions diff --git a/templates/postfix/conf.d/authorized_submit_users.j2 b/templates/postfix/conf.d/authorized_submit_users.j2 new file mode 100644 index 0000000..062b8b8 --- /dev/null +++ b/templates/postfix/conf.d/authorized_submit_users.j2 
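Review bot: The new `postfix_alias_maps` default in defaults/main.yml hard-codes `type: hash` although the same file sets `postfix_default_db_type: cdb`, and it changes the rendered default from an empty `alias_maps =` to a lookup in `/etc/aliases`. On a host where the `hash` map type is not available, or where the aliases database has not been built, Postfix would log lookup errors during local delivery; whether the role builds that database is not visible in this patch. Consider `type: "{{ postfix_default_db_type }}"`, or keep the default an empty list so existing hosts keep their current behaviour.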
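Review bot: `authorized_submit_users` is missing from this loop in tasks/postfix.yml even though the commit adds templates/postfix/conf.d/authorized_submit_users.j2, so as far as the visible lines show that template is never rendered. main.cf.j2 also lists the users inline rather than referencing a file, so either add `- authorized_submit_users` here and point the setting at the generated file, or drop the unused template. The task that owns this loop starts outside the hunk, so whether it also builds lookup tables from these files cannot be confirmed from here.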
@@ -0,0 +1,7 @@
+### {{ ansible_managed }}
+
+{% if postfix_authorized_submit_users is defined %}
+{% for user in postfix_authorized_submit_users %}
+{{ user }}
+{% endfor %}
+{% endif %}
diff --git a/templates/postfix/conf.d/canonical.j2 b/templates/postfix/conf.d/canonical.j2
new file mode 100644
index 0000000..2585cd1
--- /dev/null
+++ b/templates/postfix/conf.d/canonical.j2
@@ -0,0 +1,7 @@
+### {{ managed_by_ansible }}
+
+{% if postfix_canonical_maps is defined %}
+{% for map in postfix_canonical_maps %}
+{{ "%-30s %s" | format(map.src, map.dest) }}
+{% endfor %}
+{% endif %}
diff --git a/templates/postfix/conf.d/sender_canonical.j2 b/templates/postfix/conf.d/sender_canonical.j2
new file mode 100644
index 0000000..d06f03c
--- /dev/null
+++ b/templates/postfix/conf.d/sender_canonical.j2
@@ -0,0 +1,7 @@
+### {{ managed_by_ansible }}
+
+{% if postfix_sender_canonical_maps is defined %}
+{% for map in postfix_sender_canonical_maps %}
+{{ "%-30s %s" | format(map.src, map.dest) }}
+{% endfor %}
+{% endif %}
diff --git a/templates/postfix/main.cf.j2 b/templates/postfix/main.cf.j2
index 58bde48..ae6f619 100644
--- a/templates/postfix/main.cf.j2
+++ b/templates/postfix/main.cf.j2
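Review bot: The header line of templates/postfix/conf.d/canonical.j2 uses `{{ managed_by_ansible }}`, while authorized_submit_users.j2 in the same commit uses Ansible's built-in `{{ ansible_managed }}`; unless the role defines `managed_by_ansible` elsewhere, rendering fails on an undefined variable. The header should read `### {{ ansible_managed }}`, and sender_canonical.j2 carries the same line. Both templates also read `map.src` and `map.dest` from the very lists that main.cf.j2 reads `map.type` and `map.path` from, so one variable carries two schemas (table locations and rewrite rules). Because these tables rewrite envelope and header addresses, splitting the two lists and adding a comment on the expected entry format would make inventory mistakes easier to catch in review.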
@@ -116,6 +116,31 @@ transport_maps = {% endfor %} {% endif %} +relayhost: {{ postfix_relayhost}} + +{% if postfix_canonical_maps is defined %} +canonical_maps = +{% for map in postfix_canonical_maps %} + {{ map.type}}:{{ map.path }} +{% endfor %} +{% endif %} + +{% if postfix_sender_canonical_maps is defined %} +sender_canonical_maps = +{% for map in postfix_sender_canonical_maps %} + {{ map.type}}:{{ map.path }} +{% endfor %} +{% endif %} + +{% if postfix_type == "internet" %} +# Postfix-default: alias_maps = hash:/etc/mail/aliases nis:mail.aliases +# Prevents delays caused by NIS queries +{% endif %} +alias_maps = +{% for map in postfix_alias_map %} + {{ map.type }}:{{ map.path }} +{% endfor %} + {% if postfix_smtpd_sasl_type is defined %} ### SMTP Auth, server side broken_sasl_auth_clients = yes @@ -298,10 +323,6 @@ html_directory = /usr/share/doc/postfix/html disable_vrfy_command = yes recipient_delimiter = + -# Postfix-default: alias_maps = hash:/etc/mail/aliases nis:mail.aliases -# Prevents delays caused by NIS queries -alias_maps = - # Error notifications # http://www.postfix.org/postconf.5.html#notify_classes notify_classes = data, delay, resource, software @@ -335,3 +356,11 @@ proxy_read_maps = {{ map }} {% endfor %} {% endif %} + +{% if postfix_authorized_submit_users is defined %} +# Allow/ prevent sendmail delivery for specific users +authorized_submit_users = +{% for map in postfix_authorized_submit_users %} + {{ map }} +{% endfor %} +{% endif %}
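Review bot: `relayhost: {{ postfix_relayhost}}` in the first main.cf.j2 hunk uses a colon where main.cf expects `name = value`, so Postfix will not read it as the relayhost setting; it should be `relayhost = {{ postfix_relayhost }}`. Further down the same hunk the loop iterates over `postfix_alias_map`, but defaults/main.yml defines `postfix_alias_maps`, so the template either fails on an undefined variable or leaves `alias_maps =` empty; the line should be `{% for map in postfix_alias_maps %}`. The NIS comment is now emitted only when `postfix_type == "internet"` although `alias_maps` is written for every type, which looks unintended.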
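Review bot: The comment above `authorized_submit_users` in the last main.cf.j2 hunk should state the security semantics of the setting, because a defined-but-empty `postfix_authorized_submit_users` renders `authorized_submit_users =`, which Postfix documents as denying sendmail/postdrop submission to all users. I would extend it to something like `# Restricts who may submit mail via sendmail(1)/postdrop(1); Postfix default is static:anyone, an empty list denies everyone`. The loop variable is named `map` although the entries are user names or lookup tables; `user`, as in authorized_submit_users.j2, reads better.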