Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
infra
ansible-shared
communication
Commits
594e66d0
Commit
594e66d0
authored
Jan 01, 2021
by
Lars Beckers
Browse files
postfix: allow to selectively enable user facing daemons
parent
d7036efd
Pipeline
#2710
passed with stage
in 1 minute and 29 seconds
Changes
3
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
postfix/defaults/main.yml
View file @
594e66d0
...
...
@@ -12,10 +12,14 @@ postfix_tls_key: /etc/ssl/private/privkey.pem
postfix_tls_configuration
:
'
previous'
postfix_prefer_lmtp
:
false
postfix_enable_dovecot
:
true
postfix_enable_submission
:
true
postfix_enable_smtps
:
false
postfix_enable_postscreen
:
true
postfix_enable_memcached
:
false
postfix_login_suffix
:
'
'
postfix_luser_relay
:
'
'
postfix_dnsbl_sites
:
-
name
:
zen.spamhaus.org
-
name
:
bl.spamcop.net
...
...
postfix/templates/main.cf.j2
View file @
594e66d0
...
...
@@ -10,9 +10,12 @@ relayhost = {{ postfix_relay_host }}
{% if postfix_transport_maps|count > 0 %}
transport_maps = cdb:/etc/postfix/transport
{% endif %}
{% if postfix_luser_relay != "" %}
luser_relay = {{ postfix_luser_relay }}
local_recipient_maps =
{% endif %}
{% if not postfix_satellite_only %}
{% if not postfix_satellite_only and postfix_enable_dovecot %}
{% if postfix_domains|count > 0 %}
{% if postfix_prefer_lmtp %}
mailbox_transport = lmtp:unix:private/dovecot-lmtp
...
...
@@ -25,7 +28,6 @@ smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
{% endif %}
append_dot_mydomain = no
...
...
@@ -98,7 +100,7 @@ alias_maps = cdb:/etc/aliases
alias_database = cdb:/etc/aliases
virtual_alias_maps = cdb:/etc/postfix/virtual
{% if postfix_virtual_domains|count > 0 %}
{% if postfix_virtual_domains|count > 0
and postfix_enable_dovecot
%}
virtual_mailbox_domains = {{ postfix_virtual_domains | join(", ") }}
virtual_mailbox_base = /var/vmail/
virtual_mailbox_limit = 512000000
...
...
postfix/templates/master.cf.j2
View file @
594e66d0
...
...
@@ -21,6 +21,7 @@ smtpd pass - - y - - smtpd
{% endif %}
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
{% if postfix_enable_submission %}
submission inet n - y - - smtpd
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
...
...
@@ -40,17 +41,17 @@ submission inet n - y - - smtpd
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - y - - smtpd
# -o syslog_name=postfix/
smtps
# -o smtpd_tls_wrappermode=yes
#
-o s
mtpd_sasl_auth_enable=ye
s
#
-o smtpd_
reject_unlisted_recipient=no
#
-o smtpd_
client_restrictions=$mua_client_restriction
s
#
-o smtpd_
helo_restrictions=$mua_helo_restrictions
#
-o smtpd_
sender_restrictions=$mua_sender
_restrictions
#
-o smtpd_re
cipient
_restrictions=
#
-o
smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
{% endif %}
{% if postfix_enable_
smtps
%}
smtps inet n - y - - smtpd
-o s
yslog_name=postfix/smtp
s
-o smtpd_
tls_wrappermode=yes
-o smtpd_
sasl_auth_enable=ye
s
-o smtpd_
reject_unlisted_recipient=no
-o smtpd_
recipient
_restrictions
=
-o smtpd_re
lay
_restrictions=
permit_mynetworks,permit_sasl_authenticated,reject
-o
milter_macro_daemon_name=ORIGINATING
{% endif %}
#628 inet n - y - - qmqpd
{% endif %}
pickup unix n - y 60 1 pickup
...
...
@@ -99,7 +100,7 @@ policy-spf unix - n n - 0 spawn
user=nobody argv=/usr/bin/policyd-spf
{% endif %}
{% if not postfix_satellite_only %}
{% if not postfix_satellite_only
and postfix_enable_dovecot
%}
dovecot unix - n n - - pipe
flags=DRhu user=5001:5000 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment