From 594e66d04f7b7f94dfea50ac0f06e171740fabd7 Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Fri, 1 Jan 2021 16:51:41 +0100
Subject: [PATCH] postfix: allow to selectively enable user facing daemons

---
 postfix/defaults/main.yml      |  4 ++++
 postfix/templates/main.cf.j2   | 10 ++++++----
 postfix/templates/master.cf.j2 | 25 +++++++++++++------------
 3 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/postfix/defaults/main.yml b/postfix/defaults/main.yml
index c452306..3c1adc3 100644
--- a/postfix/defaults/main.yml
+++ b/postfix/defaults/main.yml
@@ -12,10 +12,14 @@ postfix_tls_key: /etc/ssl/private/privkey.pem
 postfix_tls_configuration: 'previous'
 
 postfix_prefer_lmtp: false
+postfix_enable_dovecot: true
+postfix_enable_submission: true
+postfix_enable_smtps: false
 
 postfix_enable_postscreen: true
 postfix_enable_memcached: false
 postfix_login_suffix: ''
+postfix_luser_relay: ''
 postfix_dnsbl_sites:
   - name: zen.spamhaus.org
   - name: bl.spamcop.net
diff --git a/postfix/templates/main.cf.j2 b/postfix/templates/main.cf.j2
index a56e2e4..e27e9b5 100644
--- a/postfix/templates/main.cf.j2
+++ b/postfix/templates/main.cf.j2
@@ -10,9 +10,12 @@ relayhost = {{ postfix_relay_host }}
 {% if postfix_transport_maps|count > 0 %}
 transport_maps = cdb:/etc/postfix/transport
 {% endif %}
+{% if postfix_luser_relay != "" %}
+luser_relay = {{ postfix_luser_relay }}
+local_recipient_maps =
+{% endif %}
 
-{% if not postfix_satellite_only %}
-
+{% if not postfix_satellite_only and postfix_enable_dovecot %}
 {% if postfix_domains|count > 0 %}
 {% if postfix_prefer_lmtp %}
 mailbox_transport = lmtp:unix:private/dovecot-lmtp
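Review bot: The added `local_recipient_maps =` line switches off local recipient validation whenever `postfix_luser_relay` is set, so the SMTP server accepts mail for any local-part and forwards it to the relay address instead of rejecting unknown users at RCPT time. Postfix needs this for luser_relay to work, but it is a policy change that should be stated next to the setting, for example with a rendered comment `# luser_relay needs recipient validation off: unknown local users are accepted, not rejected`. Testing `{% if postfix_luser_relay %}` instead of `!= ""` would probably also skip a null value rather than rendering it. The `{% if not postfix_satellite_only and postfix_enable_dovecot %}` block that follows continues outside this hunk.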
@@ -25,7 +28,6 @@ smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 smtpd_sasl_auth_enable = yes
-
 {% endif %}
 
 append_dot_mydomain = no
@@ -98,7 +100,7 @@ alias_maps = cdb:/etc/aliases
 alias_database = cdb:/etc/aliases
 virtual_alias_maps = cdb:/etc/postfix/virtual
 
-{% if postfix_virtual_domains|count > 0 %}
+{% if postfix_virtual_domains|count > 0 and postfix_enable_dovecot %}
 virtual_mailbox_domains = {{ postfix_virtual_domains | join(", ") }}
 virtual_mailbox_base = /var/vmail/
 virtual_mailbox_limit = 512000000
diff --git a/postfix/templates/master.cf.j2 b/postfix/templates/master.cf.j2
index 90d235d..38e4c54 100644
--- a/postfix/templates/master.cf.j2
+++ b/postfix/templates/master.cf.j2
@@ -21,6 +21,7 @@ smtpd     pass  -       -       y       -       -       smtpd
 {% endif %}
 dnsblog   unix  -       -       y       -       0       dnsblog
 tlsproxy  unix  -       -       y       -       0       tlsproxy
+{% if postfix_enable_submission %}
 submission inet n       -       y       -       -       smtpd
   -o smtpd_sasl_security_options=noanonymous
   -o smtpd_sasl_local_domain=$myhostname
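Review bot: `postfix_enable_submission` is tested on its own here, but the service it guards relies on SASL (`-o smtpd_sasl_security_options=noanonymous`). In main.cf.j2 the `smtpd_sasl_type = dovecot`, `smtpd_sasl_path` and `smtpd_sasl_auth_enable` lines appear to sit inside the block this commit now gates on `postfix_enable_dovecot`. With dovecot disabled and submission left at its default of `true`, port 587 would presumably be rendered without the Dovecot auth backend configured. Consider `{% if postfix_enable_submission and postfix_enable_dovecot %}`, or an early failure in the role for that combination; the same applies to the `postfix_enable_smtps` block in the next hunk. The submission entry continues outside this hunk.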
@@ -40,17 +41,17 @@ submission inet n       -       y       -       -       smtpd
 #  -o smtpd_recipient_restrictions=
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
-#smtps     inet  n       -       y       -       -       smtpd
-#  -o syslog_name=postfix/smtps
-#  -o smtpd_tls_wrappermode=yes
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_reject_unlisted_recipient=no
-#  -o smtpd_client_restrictions=$mua_client_restrictions
-#  -o smtpd_helo_restrictions=$mua_helo_restrictions
-#  -o smtpd_sender_restrictions=$mua_sender_restrictions
-#  -o smtpd_recipient_restrictions=
-#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
+{% endif %}
+{% if postfix_enable_smtps %}
+smtps     inet  n       -       y       -       -       smtpd
+  -o syslog_name=postfix/smtps
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_recipient_restrictions=
+  -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+{% endif %}
 #628	  inet  n       -       y       -       -       qmqpd
 {% endif %}
 pickup    unix  n       -       y       60      1       pickup
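Review bot: The new smtps entry sets `smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject`, so on port 465 any client inside `mynetworks` can relay without authenticating, whereas the commented-out template it replaces allowed only `permit_sasl_authenticated,reject`. It also drops the `smtpd_client_restrictions`, `smtpd_helo_restrictions` and `smtpd_sender_restrictions` overrides, so the main.cf values for those apply on this user-facing port. If the service is meant for authenticated users only, use `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject` and add `-o smtpd_client_restrictions=permit_sasl_authenticated,reject`. The enclosing `{% if %}` that closes after the qmqpd line starts outside this hunk.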
@@ -99,7 +100,7 @@ policy-spf unix -       n       n       -       0       spawn
   user=nobody argv=/usr/bin/policyd-spf
 {% endif %}
 
-{% if not postfix_satellite_only %}
+{% if not postfix_satellite_only and postfix_enable_dovecot %}
 dovecot   unix  -       n       n       -       -       pipe
   flags=DRhu user=5001:5000 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
 
-- 
GitLab