postfix: add several options to increase flexibility

1e505a7e · Lars Beckers · 1fb7cd00 · 1e505a7e · 1e505a7e
Commit 1e505a7e authored 4 years ago by Lars Beckers
--- a/postfix/defaults/main.yml
+++ b/postfix/defaults/main.yml
@@ -17,6 +17,24 @@ postfix_enable_dovecot: true
 postfix_enable_submission: true
 postfix_enable_smtps: false

+postfix_sasl_auth_header: false
+postfix_enable_long_queue_ids: false
+postfix_tls_received_header: false
+
+# These variables were introduced for compatibility to a certain setup.
+# They may disappear without prior notice and/or may not work as expected.
+postfix_smtpd_recipient_limit: 1000
+postfix_minimal_backoff_time: 300s
+postfix_maximal_backoff_time: 4000s
+postfix_mailbox_command: '/usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"'
+postfix_relay_domains: []
+postfix_alias_maps:
+  - cdb:/etc/aliases
+postfix_virtual_alias_maps:
+  - cdb:/etc/postfix/virtual
+postfix_sender_login_maps:
+  - proxy:pcre:/etc/postfix/login_maps.pcre
+
 postfix_enable_postscreen: true
 postfix_enable_memcached: false
 postfix_login_suffix: ''

--- a/postfix/templates/main.cf.j2
+++ b/postfix/templates/main.cf.j2
@@ -6,6 +6,8 @@ myhostname = {{ ansible_fqdn }}
 myorigin = /etc/mailname
 mydestination = $myhostname localhost {{ postfix_domains | join(" ") }}
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ postfix_my_networks|join(" ") }}
+
+relay_domains = {{ postfix_relay_domains|join(" ") }}
 relayhost = {{ postfix_relay_host }}
 {% if postfix_transport_maps|count > 0 %}
 transport_maps = cdb:/etc/postfix/transport
@@ -16,37 +18,38 @@ local_recipient_maps =
 {% endif %}

 {% if not postfix_satellite_only and postfix_enable_dovecot %}
-{% if postfix_domains|count > 0 %}
-{% if postfix_prefer_lmtp %}
+{% if postfix_domains|count > 0 and postfix_prefer_lmtp %}
 mailbox_transport = lmtp:unix:private/dovecot-lmtp
-{% else %}
-mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
-{% endif %}
+{% elif postfix_domains|count > 0 and not postfix_prefer_lmtp %}
+mailbox_command = {{ postfix_mailbox_command }}
 {% endif %}

-smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
+smtpd_sender_login_maps = {{ postfix_sender_login_maps|join(" ") }}
+smtpd_sender_restrictions = reject_sender_login_mismatch
+
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_authenticated_header = {{ 'yes' if postfix_sasl_auth_header else 'no' }}
+smtpd_sasl_local_domain = $myhostname
 {% endif %}

-append_dot_mydomain = no
 biff = no
-compatibility_level = 2
-#delay_warning_time = 4h
+append_dot_mydomain = no
+readme_directory = no
 disable_vrfy_command = yes
-#enable_long_queue_ids = yes
-mailbox_size_limit = 0
+compatibility_level = 2
+
+enable_long_queue_ids = {{ 'yes' if postfix_enable_long_queue_ids else 'no' }}
+minimal_backoff_time = {{ postfix_minimal_backoff_time }}
+maximal_backoff_time = {{ postfix_maximal_backoff_time }}
 message_size_limit = {{ postfix_message_size_limit }}
-readme_directory = no
+mailbox_size_limit = 0
 recipient_delimiter = +
-#strict_rfc821_envelopes = no

 smtpd_banner = $myhostname ESMTP $mail_name
-smtpd_relay_restrictions =
-	permit_mynetworks
-	permit_sasl_authenticated
-	defer_unauth_destination
+smtpd_recipient_limit = {{ postfix_smtpd_recipient_limit }}
 {% if postfix_verify_spf %}
 smtpd_recipient_restrictions=
     permit_mynetworks
@@ -65,6 +68,7 @@ smtp_tls_security_level = may
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 smtpd_tls_security_level = may
 smtpd_tls_auth_only = yes
+smtpd_tls_received_header = {{ 'yes' if postfix_tls_received_header else 'no' }}
 smtpd_tls_cert_file = {{ postfix_tls_cert }}
 smtpd_tls_key_file = {{ postfix_tls_key }}
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
@@ -96,10 +100,10 @@ smtpd_tls_dh1024_param_file = /etc/postfix/dh.pem
 tls_ssl_options = NO_COMPRESSION
 {% endif %}

-alias_maps = cdb:/etc/aliases
+alias_maps = {{ postfix_alias_maps|join(" ") }}
 alias_database = cdb:/etc/aliases
 {% if virtual_aliases|default([])|count > 0 or postfix_virtual_domains|count > 0 %}
-virtual_alias_maps = cdb:/etc/postfix/virtual
+virtual_alias_maps = {{ postfix_virtual_alias_maps|join(" ") }}
 {% endif %}

 {% if postfix_virtual_domains|count > 0 and postfix_enable_dovecot %}