Fixes

tasks/main.yml

@@ -29,7 +29,7 @@
   tags: tls-helper
 
 - name: MTA-STS
-  ansible.builtin.import_tasks: mta-sts.yml
+  ansible.builtin.include_tasks: mta-sts.yml
   tags: mta-sts
   loop: "{{ postfix_domains }}"
 

tasks/mta-sts.yml

@@ -9,16 +9,16 @@
   ansible.builtin.lineinfile:
     path: /etc/dehydrated/domains.txt
     line: "mta-sts.{{ item.name }}"
-  when: "'dehydrated' in ansible_facts.packages and item.mta-sts is defined and item.mta-sts"
+  when: "'dehydrated' in ansible_facts.packages and item.mta_sts is defined and item.mta_sts"
   loop: "{{ postfix_domains }}"
   notify: Get certificate
 
 - name: "MTA-STS | Copy Nginx configuration"
   ansible.builtin.template:
-    src: nginx/nginx-mta-sts.j2
+    src: nginx/mta-sts.j2
     dest: "/etc/nginx/sites-available/mta-sts.{{ item.name }}"
     mode: "0644"
-  when: item.mta-sts is defined and item.mta-sts
+  when: item.mta_sts is defined and item.mta_sts
   loop: "{{ postfix_domains }}"
 
 - name: "MTA-STS | Enable Nginx configuration"
@@ -26,6 +26,6 @@
     src: "/etc/nginx/sites-available/mta-sts.{{ item.name }}"
     dest: "/etc/nginx/sites-enabled/mta-sts.{{ item.name }}"
     state: link
-  when: item.mta-sts is defined and item.mta-sts
+  when: item.mta_sts is defined and item.mta_sts
   loop: "{{ postfix_domains }}"
   notify: reload nginx

tasks/tls-helper.yml

@@ -37,6 +37,7 @@
   ansible.builtin.command:
     cmd: "postmap {{ postfix_default_db_type }}:{{ tls_helper_domains_file }}"
     chdir: "{{ tls_helper_postfix_dir }}"
+    creates: "{{ tls_helper_postfix_dir }}/{{ tls_helper_domains_file }}.{{ postfix_default_db_type }}"
 
 - name: "TLS-helper | Link files"
   ansible.builtin.file:

templates/postfix/conf.d/transport_relay.j2

@@ -6,7 +6,9 @@
 {% if domain.comment is defined %}
 # {{ domain.comment }}
 {% endif %}
+{% if domain.relay_host is defined %}
 {{ "%-50s %s" | format(domain.name, domain.relay_host) }}
 {% endif %}
+{% endif %}
 {% endfor %}
 {% endif %}

templates/postfix/main.cf.j2

@@ -135,7 +135,7 @@ smtp_sasl_security_options = noanonymous
 #### Postscreen
 postscreen_access_list =
     permit_mynetworks
-    cidr:{{ postfix_conf_dir }}/postscreen_access.cidr
+    cidr:{{ postfix_conf_dir }}/postscreen_access
 postscreen_blacklist_action = drop
 
 # Pregreeting
@@ -240,7 +240,9 @@ smtpd_data_restrictions =
 
 ### Connection limits
 smtpd_client_connection_rate_limit = 100
+{% if postfix_smtpd_client_event_limit_exceptions is defined %}
 smtpd_client_event_limit_exceptions = {{ postfix_smtpd_client_event_limit_exceptions | join(', ') }}
+{% endif %}
 smtpd_client_message_rate_limit = 25
 smtpd_client_new_tls_session_rate_limit = 100
 smtpd_client_auth_rate_limit = 100