postfix: allow to selectively enable user facing daemons

594e66d0 · Lars Beckers · d7036efd · 594e66d0 · 594e66d0 · 594e66d0
Commit 594e66d0 authored Jan 01, 2021 by Lars Beckers
--- a/postfix/defaults/main.yml
+++ b/postfix/defaults/main.yml
@@ -12,10 +12,14 @@ postfix_tls_key: /etc/ssl/private/privkey.pem
 postfix_tls_configuration: 'previous'

 postfix_prefer_lmtp: false
+postfix_enable_dovecot: true
+postfix_enable_submission: true
+postfix_enable_smtps: false

 postfix_enable_postscreen: true
 postfix_enable_memcached: false
 postfix_login_suffix: ''
+postfix_luser_relay: ''
 postfix_dnsbl_sites:
  - name: zen.spamhaus.org
  - name: bl.spamcop.net

--- a/postfix/templates/main.cf.j2
+++ b/postfix/templates/main.cf.j2
@@ -10,9 +10,12 @@ relayhost = {{ postfix_relay_host }}
 {% if postfix_transport_maps|count > 0 %}
 transport_maps = cdb:/etc/postfix/transport
 {% endif %}
+{% if postfix_luser_relay != "" %}
+luser_relay = {{ postfix_luser_relay }}
+local_recipient_maps =
+{% endif %}

-{% if not postfix_satellite_only %}
-
+{% if not postfix_satellite_only and postfix_enable_dovecot %}
 {% if postfix_domains|count > 0 %}
 {% if postfix_prefer_lmtp %}
 mailbox_transport = lmtp:unix:private/dovecot-lmtp
@@ -25,7 +28,6 @@ smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 smtpd_sasl_auth_enable = yes
-
 {% endif %}

 append_dot_mydomain = no
@@ -98,7 +100,7 @@ alias_maps = cdb:/etc/aliases
 alias_database = cdb:/etc/aliases
 virtual_alias_maps = cdb:/etc/postfix/virtual

-{% if postfix_virtual_domains|count > 0 %}
+{% if postfix_virtual_domains|count > 0 and postfix_enable_dovecot %}
 virtual_mailbox_domains = {{ postfix_virtual_domains | join(", ") }}
 virtual_mailbox_base = /var/vmail/
 virtual_mailbox_limit = 512000000

--- a/postfix/templates/master.cf.j2
+++ b/postfix/templates/master.cf.j2
@@ -21,6 +21,7 @@ smtpd     pass  -       -       y       -       -       smtpd
 {% endif %}
 dnsblog   unix  -       -       y       -       0       dnsblog
 tlsproxy  unix  -       -       y       -       0       tlsproxy
+{% if postfix_enable_submission %}
 submission inet n       -       y       -       -       smtpd
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
@@ -40,17 +41,17 @@ submission inet n       -       y       -       -       smtpd
 #  -o smtpd_recipient_restrictions=
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
-#smtps     inet  n       -       y       -       -       smtpd
-#  -o syslog_name=postfix/smtps
-#  -o smtpd_tls_wrappermode=yes
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_reject_unlisted_recipient=no
-#  -o smtpd_client_restrictions=$mua_client_restrictions
-#  -o smtpd_helo_restrictions=$mua_helo_restrictions
-#  -o smtpd_sender_restrictions=$mua_sender_restrictions
-#  -o smtpd_recipient_restrictions=
-#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
+{% endif %}
+{% if postfix_enable_smtps %}
+smtps     inet  n       -       y       -       -       smtpd
+  -o syslog_name=postfix/smtps
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_recipient_restrictions=
+  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+{% endif %}
 #628	  inet  n       -       y       -       -       qmqpd
 {% endif %}
 pickup    unix  n       -       y       60      1       pickup
@@ -99,7 +100,7 @@ policy-spf unix -       n       n       -       0       spawn
  user=nobody argv=/usr/bin/policyd-spf
 {% endif %}

-{% if not postfix_satellite_only %}
+{% if not postfix_satellite_only and postfix_enable_dovecot %}
 dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=5001:5000 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}