ansible-role-postfix/templates/postfix/master.cf.j2
phil 8c79f8b687 Use Ansible defaults to insert comments
Enable vscodium code highlighting for some files
2024-03-27 17:39:16 +01:00

94 lines
4.8 KiB
Django/Jinja

{{ ansible_managed | comment }}
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
{% if postfix_type == "internet" %}
smtp inet n - y - 1 postscreen
smtpd pass - - y - {{ postfix_smtpd_maxproc }} smtpd
-o cleanup_service_name=smtpd-in
{% else %}
smtp inet n - y - - smtpd
{% endif %}
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
{% if postfix_submission is defined and postfix_submission %}
smtps inet n - y - 100 smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
-o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
-o smtpd_tls_dh1024_param_file={{ dhparam_file }}
-o smtpd_tls_mandatory_protocols=!TLSv1,!TLSv1.1
-o smtpd_tls_protocols=!TLSv1,!TLSv1.1
-o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject
-o smtpd_sasl_auth_enable=yes
{% if postfix_smtpd_sender_login_maps is defined %}
-o smtpd_sender_login_maps={{ postfix_smtpd_sender_login_maps | join(', ') }}
{% endif %}
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o cleanup_service_name=subclean
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
-o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
-o smtpd_tls_dh1024_param_file={{ dhparam_file }}
-o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject
-o smtpd_sasl_auth_enable=yes
{% if postfix_smtpd_sender_login_maps is defined %}
-o smtpd_sender_login_maps={{ postfix_smtpd_sender_login_maps | join(', ') }}
{% endif %}
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o cleanup_service_name=subclean
{% if postfix_submission_non_tls_port is defined %}
{{ postfix_submission_non_tls_port }} inet n - y - - smtpd
-o syslog_name=postfix/submission-local
-o smtpd_tls_security_level=none
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_sasl_auth_enable=no
-o cleanup_service_name=subclean
{% endif %}
{% endif %}
dlimit unix - - n - - smtp
-o syslog_name=postfix-dlimit
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
smtptor unix - - n - - smtp_tor
-o smtp_dns_support_level=disabled
-o smtp_tls_security_level=none
-o smtp_tls_policy_maps=
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
# Outbound: Remove sensible headers
subclean unix n - y - 0 cleanup
-o header_checks=regexp:{{ postfix_conf_dir }}/header_treatment
# Inbound: Remove some headers
smtpd-in unix n - y - 0 cleanup
-o syslog_name=postfix/smtpd-in
-o header_checks=pcre:{{ postfix_conf_dir }}/header_checks_inbound