Introduce more configuration variables

defaults/main.yml

@@ -12,7 +12,12 @@ postfix_default_db_type: cdb
 postfix_dhparam_file: /etc/ssl/private/dhparam.pem
 postfix_pflogsum_mail_subject: "Mailserver Statistics"
 postfix_myhostname: "$myorigin"
+postfix_relayhost: ""
 postfix_type: internet
 
+postfix_alias_maps:
+  - path: "/etc/aliases"
+    type: hash
+
 tls_helper_domains_file: tls_domains
 tls_helper_postfix_dir: /var/lib/postfix/tls-helper

tasks/postfix.yml

@@ -36,6 +36,7 @@
   loop:
     - bad_smtp_auth_users
     - bogus_mx
+    - canonical
     - client_checks
     - destination_limit
     - header_add
@@ -45,6 +46,7 @@
     - postscreen_access
     - relay_by_sender
     - relay_checks
+    - sender_canonical
     - sender_checks
     - smtp_sasl_auth_password
     - transport_global_exceptions

templates/postfix/conf.d/authorized_submit_users.j2

@@ -0,0 +1,7 @@
+### {{ ansible_managed }}
+
+{% if postfix_authorized_submit_users is defined %}
+{% for user in postfix_authorized_submit_users %}
+{{ user }}
+{% endfor %}
+{% endif %}

templates/postfix/conf.d/canonical.j2

@@ -0,0 +1,7 @@
+### {{ managed_by_ansible }}
+
+{% if postfix_canonical_maps is defined %}
+{% for map in postfix_canonical_maps %}
+{{ "%-30s %s" | format(map.src, map.dest) }}
+{% endfor %}
+{% endif %}

templates/postfix/conf.d/sender_canonical.j2

@@ -0,0 +1,7 @@
+### {{ managed_by_ansible }}
+
+{% if postfix_sender_canonical_maps is defined %}
+{% for map in postfix_sender_canonical_maps %}
+{{ "%-30s %s" | format(map.src, map.dest) }}
+{% endfor %}
+{% endif %}

templates/postfix/main.cf.j2

@@ -116,6 +116,31 @@ transport_maps =
 {% endfor %}
 {% endif %}
 
+relayhost: {{ postfix_relayhost}}
+
+{% if postfix_canonical_maps is defined %}
+canonical_maps = 
+{% for map in postfix_canonical_maps %}
+    {{ map.type}}:{{ map.path }}
+{% endfor %}
+{% endif %}
+
+{% if postfix_sender_canonical_maps is defined %}
+sender_canonical_maps = 
+{% for map in postfix_sender_canonical_maps %}
+    {{ map.type}}:{{ map.path }}
+{% endfor %}
+{% endif %}
+
+{% if postfix_type == "internet" %}
+# Postfix-default: alias_maps = hash:/etc/mail/aliases nis:mail.aliases
+# Prevents delays caused by NIS queries
+{% endif %}
+alias_maps =
+{% for map in postfix_alias_map %}
+    {{ map.type }}:{{ map.path }}
+{% endfor %}
+
 {% if postfix_smtpd_sasl_type is defined %}
 ### SMTP Auth, server side
 broken_sasl_auth_clients = yes
@@ -298,10 +323,6 @@ html_directory = /usr/share/doc/postfix/html
 disable_vrfy_command = yes
 recipient_delimiter = +
 
-# Postfix-default: alias_maps = hash:/etc/mail/aliases nis:mail.aliases
-# Prevents delays caused by NIS queries
-alias_maps =
-
 # Error notifications
 # http://www.postfix.org/postconf.5.html#notify_classes
 notify_classes = data, delay, resource, software
@@ -335,3 +356,11 @@ proxy_read_maps =
     {{ map }}
 {% endfor %}
 {% endif %}
+
+{% if postfix_authorized_submit_users is defined %}
+# Allow/ prevent sendmail delivery for specific users
+authorized_submit_users =
+{% for map in postfix_authorized_submit_users %}
+    {{ map }}
+{% endfor %}
+{% endif %}