From f32891c328cc7fdc42ec426d6e40b06935472252 Mon Sep 17 00:00:00 2001 From: phil Date: Mon, 17 Apr 2023 23:17:22 +0200 Subject: [PATCH] Fixes --- tasks/main.yml | 2 +- tasks/mta-sts.yml | 8 ++++---- tasks/tls-helper.yml | 1 + templates/postfix/conf.d/transport_relay.j2 | 2 ++ templates/postfix/main.cf.j2 | 4 +++- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 533ee41..3c8f5da 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -29,7 +29,7 @@ tags: tls-helper - name: MTA-STS - ansible.builtin.import_tasks: mta-sts.yml + ansible.builtin.include_tasks: mta-sts.yml tags: mta-sts loop: "{{ postfix_domains }}" diff --git a/tasks/mta-sts.yml b/tasks/mta-sts.yml index e1c5bc3..1ff8a83 100644 --- a/tasks/mta-sts.yml +++ b/tasks/mta-sts.yml @@ -9,16 +9,16 @@ ansible.builtin.lineinfile: path: /etc/dehydrated/domains.txt line: "mta-sts.{{ item.name }}" - when: "'dehydrated' in ansible_facts.packages and item.mta-sts is defined and item.mta-sts" + when: "'dehydrated' in ansible_facts.packages and item.mta_sts is defined and item.mta_sts" loop: "{{ postfix_domains }}" notify: Get certificate - name: "MTA-STS | Copy Nginx configuration" ansible.builtin.template: - src: nginx/nginx-mta-sts.j2 + src: nginx/mta-sts.j2 dest: "/etc/nginx/sites-available/mta-sts.{{ item.name }}" mode: "0644" - when: item.mta-sts is defined and item.mta-sts + when: item.mta_sts is defined and item.mta_sts loop: "{{ postfix_domains }}" - name: "MTA-STS | Enable Nginx configuration" @@ -26,6 +26,6 @@ src: "/etc/nginx/sites-available/mta-sts.{{ item.name }}" dest: "/etc/nginx/sites-enabled/mta-sts.{{ item.name }}" state: link - when: item.mta-sts is defined and item.mta-sts + when: item.mta_sts is defined and item.mta_sts loop: "{{ postfix_domains }}" notify: reload nginx diff --git a/tasks/tls-helper.yml b/tasks/tls-helper.yml index 6aa7324..be4940a 100644 --- a/tasks/tls-helper.yml +++ b/tasks/tls-helper.yml 
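Review bot: In tasks/main.yml the `MTA-STS` include keeps `loop: "{{ postfix_domains }}"` while every task of mta-sts.yml shown in this patch also loops over `postfix_domains`, so the file runs once per domain and each run walks all domains again, with the inner `item` shadowing the outer one. Dropping the outer `loop:` keeps one pass per domain; the alternative is `loop_control: loop_var: mta_sts_domain` on the include with the inner loops removed. Separately, `tags: mta-sts` on a dynamic `include_tasks` tags only the include itself, so `--tags mta-sts` no longer selects the included tasks unless they carry the tag themselves or it is passed down with `apply: { tags: [mta-sts] }`.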
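Review bot: The three `when:` conditions in tasks/mta-sts.yml (two in the hunk at line 9, one in the hunk at line 26) treat a missing `mta_sts` key as "off", so a domain entry that still spells the key with a hyphen, as the old condition did, is skipped without any message and its MTA-STS policy host is never set up. The test is also repeated in each task and relies on the truthiness of whatever type the inventory supplies; `when: item.mta_sts | default(false) | bool` states the intent in one expression and handles string values such as "yes". A comment at the top of the file, for example `# postfix_domains[].mta_sts (bool): publish an MTA-STS policy host for this domain`, would document the renamed key.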
@@ -37,6 +37,7 @@ ansible.builtin.command: cmd: "postmap {{ postfix_default_db_type }}:{{ tls_helper_domains_file }}" chdir: "{{ tls_helper_postfix_dir }}" + creates: "{{ tls_helper_postfix_dir }}/{{ tls_helper_domains_file }}.{{ postfix_default_db_type }}" - name: "TLS-helper | Link files" ansible.builtin.file: diff --git a/templates/postfix/conf.d/transport_relay.j2 b/templates/postfix/conf.d/transport_relay.j2 index 3f6e34d..9be0a76 100644 --- a/templates/postfix/conf.d/transport_relay.j2 +++ b/templates/postfix/conf.d/transport_relay.j2 @@ -6,7 +6,9 @@ {% if domain.comment is defined %} # {{ domain.comment }} {% endif %} +{% if domain.relay_host is defined %} {{ "%-50s %s" | format(domain.name, domain.relay_host) }} {% endif %} +{% endif %} {% endfor %} {% endif %} diff --git a/templates/postfix/main.cf.j2 b/templates/postfix/main.cf.j2 index fb97418..afa08c7 100644 --- a/templates/postfix/main.cf.j2 +++ b/templates/postfix/main.cf.j2 @@ -135,7 +135,7 @@ smtp_sasl_security_options = noanonymous #### Postscreen postscreen_access_list = permit_mynetworks - cidr:{{ postfix_conf_dir }}/postscreen_access.cidr + cidr:{{ postfix_conf_dir }}/postscreen_access postscreen_blacklist_action = drop # Pregreeting @@ -240,7 +240,9 @@ smtpd_data_restrictions = ### Connection limits smtpd_client_connection_rate_limit = 100 +{% if postfix_smtpd_client_event_limit_exceptions is defined %} smtpd_client_event_limit_exceptions = {{ postfix_smtpd_client_event_limit_exceptions | join(', ') }} +{% endif %} smtpd_client_message_rate_limit = 25 smtpd_client_new_tls_session_rate_limit = 100 smtpd_client_auth_rate_limit = 100
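Review bot: The added `creates:` in tasks/tls-helper.yml makes the `postmap` step run only while the compiled map is absent, so once it exists an edited `{{ tls_helper_domains_file }}` is never recompiled and Postfix keeps using the stale TLS domain list. The path may also not match what postmap writes: for the `hash` and `btree` types the output is `<file>.db`, not `<file>.hash`, in which case the guard never triggers and the command still runs on every play. Running postmap from a handler notified by the task that writes the source file gives idempotence without either problem. That task is outside this hunk, as is the start of the command task itself.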
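Review bot: In templates/postfix/conf.d/transport_relay.j2 the new `{% if domain.relay_host is defined %}` guard sits below the comment block, so a domain without `relay_host` still emits its `# {{ domain.comment }}` line with no transport entry under it. Moving the guard above `{% if domain.comment is defined %}` keeps the comment and the entry together. The enclosing `for` and the outer `if` open outside this hunk, so whether that outer condition could absorb the `relay_host` test cannot be seen here; if it can, merging the two reads better than nesting.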
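Review bot: In templates/postfix/main.cf.j2 (hunk at line 240) the `is defined` guard changes what Postfix enforces when the variable is absent: with the line omitted, `smtpd_client_event_limit_exceptions` falls back to its built-in default `$mynetworks`, so those clients are exempt from the rate limits that follow. That fallback deserves a template comment, for example `{# unset: Postfix default ($mynetworks) is exempt from the limits below #}`. The guard also lets a plain string through to `join(', ')`, which would split it into single characters, so the comment should state that the variable must be a list.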