From 6f70c6afc9273c165ad34a5f82b7cdda9f2cde61 Mon Sep 17 00:00:00 2001 From: Hinrikus Wolf <mail@hinrikus-wolf.de> Date: Sun, 21 Jul 2019 16:57:09 +0200 Subject: [PATCH] introduce postfix satellite as replacement for nullmailer --- postfix/defaults/main.yml | 13 +++++++++++++ postfix/templates/main.cf.j2 | 23 +++++++++++++++++------ postfix/templates/master.cf.j2 | 9 ++++++++- 3 files changed, 38 insertions(+), 7 deletions(-) diff --git a/postfix/defaults/main.yml b/postfix/defaults/main.yml index 6cbd8df..83d7015 100644 --- a/postfix/defaults/main.yml +++ b/postfix/defaults/main.yml @@ -43,3 +43,16 @@ postfix_transport_maps: [] # use_mx: true postfix_my_networks: [] +postfix_notify_classes: [] +postfix_satellite_only: false + +## sane defaults for postfix satellites +# +# postfix_satellite_only: true +# postfix_enable_postscreen: false +# postfix_domains: [] +# postfix_notify_classes: +# - 2bounce +# postfix_relay_host: relay.example.com +# postfix_tls_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem" +# postfix_tls_key: "/etc/ssl/private/ssl-cert-snakeoil.key" diff --git a/postfix/templates/main.cf.j2 b/postfix/templates/main.cf.j2 index d078ddb..1138a63 100644 --- a/postfix/templates/main.cf.j2 +++ b/postfix/templates/main.cf.j2 @@ -1,6 +1,6 @@ # See /usr/share/postfix/main.cf.dist for a commented, more complete version -inet_interfaces = all +inet_interfaces = {{ "loopback-only" if postfix_satellite_only else "all" }} inet_protocols = all myhostname = {{ ansible_fqdn }} myorigin = /etc/mailname @@ -10,6 +10,9 @@ relayhost = {{ postfix_relay_host }} {% if postfix_transport_maps|bool %} transport_maps = cdb:/etc/postfix/transport {% endif %} + +{% if not postfix_satellite_only %} + {% if postfix_domains|count > 0 %} {% if postfix_prefer_lmtp %} mailbox_transport = lmtp:unix:private/dovecot-lmtp 
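Review bot: `postfix_satellite_only: false` is introduced without a comment saying what the flag changes; the block beneath it only lists the other variables to set alongside it. A reader of defaults/main.yml has to open both templates to learn that it binds `inet_interfaces` to loopback-only, drops the smtpd SASL and TLS-policy settings from main.cf, and removes the postscreen, submission, dovecot and spamassassin services from master.cf. I would put above the variable: `# satellite mode: listen on loopback only and hand all mail to postfix_relay_host; no local delivery, SASL or inbound services are rendered`. The example values for `postfix_tls_cert`/`postfix_tls_key` point at the snakeoil pair, so the comment should also say they are placeholders for the relay client's own certificate.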
@@ -18,6 +21,13 @@ mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" {% endif %} {% endif %} +smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth +smtpd_sasl_auth_enable = yes + +{% endif %} + append_dot_mydomain = no biff = no compatibility_level = 2 @@ -31,10 +41,6 @@ recipient_delimiter = + #strict_rfc821_envelopes = no smtpd_banner = $myhostname ESMTP $mail_name -smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre -smtpd_sasl_type = dovecot -smtpd_sasl_path = private/auth -smtpd_sasl_auth_enable = yes smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated @@ -47,6 +53,7 @@ smtpd_tls_cert_file = {{ postfix_tls_cert }} smtpd_tls_key_file = {{ postfix_tls_key }} smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache +{% if not postfix_satellite_only %} smtpd_tls_protocols = {{ postfix_tls_protocols }} smtpd_tls_mandatory_protocols = {{ postfix_tls_protocols }} {% if postfix_tls_mandatory_ciphers %} @@ -67,6 +74,7 @@ tls_medium_cipherlist = {{ postfix_tls_medium_cipherlist }} {% if postfix_tls_dh_file %} smtpd_tls_dh1024_param_file = /etc/postfix/dh.pem {% endif %} +{% endif %} alias_maps = cdb:/etc/aliases alias_database = cdb:/etc/aliases @@ -81,7 +89,10 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_gid_maps = static:5000 {% endif %} -{% if postfix_enable_postscreen %} +{% set _x = postfix_notify_classes.extend(["resource", "software"]) %} +notify_classes = {{ postfix_notify_classes|unique|join(", ") }} + +{% if postfix_enable_postscreen and not postfix_satellite_only %} postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr {% if postfix_enable_memcached %} diff --git a/postfix/templates/master.cf.j2 b/postfix/templates/master.cf.j2 index e742199..2d4a4ff 100644 --- a/postfix/templates/master.cf.j2 
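Review bot: In satellite mode the `smtpd_sasl_*` lines now vanish from main.cf entirely, so the rendered file relies on Postfix's compiled-in `smtpd_sasl_auth_enable = no` while `smtpd_relay_restrictions` further down still names `permit_sasl_authenticated`. That is safe, but the generated file no longer states its own policy; I would add an `{% else %}` branch before the closing `{% endif %}` that renders `smtpd_sasl_auth_enable = no`, so an operator reading main.cf on the satellite sees authentication disabled explicitly rather than by omission. The `{% if not postfix_satellite_only %}` closed here is opened in hunk -10,6 above.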
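Review bot: The `{% if not postfix_satellite_only %}` inserted before `smtpd_tls_protocols` is closed only in hunk -67,6, after `tls_medium_cipherlist` and the DH parameter file, so in satellite mode it also suppresses settings that are not smtpd-specific. Postfix consults `tls_medium_cipherlist` for the outbound smtp client as well, and the relay connection to `postfix_relay_host` is the only path a satellite uses, so the relay client falls back to the built-in cipher list there. Unless that fallback is intended, end the guard after the `smtpd_tls_mandatory_*` lines and leave the shared `tls_*` parameters unconditional. The lines between the two hunks are outside this diff, so I cannot see whether any `smtp_tls_*` parameter is enclosed as well.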
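Review bot: `{% set _x = postfix_notify_classes.extend(["resource", "software"]) %}` mutates the variable's list in place and discards the `None` that `extend` returns; since `postfix_notify_classes` defaults to a list object, repeated renders on the same controller can keep appending to that object, and the `|unique` filter is then only masking the duplicates. Build a new list instead, `notify_classes = {{ (postfix_notify_classes + ["resource", "software"])|unique|join(", ") }}`, and drop the `set` line. It is worth adding a `{# resource, software is Postfix's default notify_classes; keep it so operator errors still reach postmaster #}` comment so the pair is not later removed as redundant.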
+++ b/postfix/templates/master.cf.j2 @@ -9,11 +9,12 @@ # (yes) (yes) (no) (never) (100) # ========================================================================== -{% if postfix_enable_postscreen %} +{% if postfix_enable_postscreen and not postfix_satellite_only %} smtp inet n - y - 1 postscreen {% else %} smtp inet n - y - - smtpd {% endif %} +{% if not postfix_satellite_only %} smtpd pass - - y - - smtpd {% if postfix_content_filter %} -o content_filter={{ postfix_content_filter }} @@ -51,6 +52,7 @@ submission inet n - y - - smtpd # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - y - - qmqpd +{% endif %} pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr @@ -76,6 +78,9 @@ virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache +{% if ansible_distribution_major_version|int >= 10 %} +postlog unix-dgram n - n - 1 postlogd +{% endif %} # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual @@ -89,6 +94,7 @@ scache unix - - y - 1 scache # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 +{% if not postfix_satellite_only %} dovecot unix - n n - - pipe flags=DRhu user=5001:5000 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop} @@ -96,6 +102,7 @@ dovecot unix - n n - - pipe spamassassin unix - n n - - pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} {% endif %} +{% endif %} #maildrop unix - n n - - pipe # flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -- GitLab
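Review bot: The `postlog unix-dgram … postlogd` entry is gated on `ansible_distribution_major_version|int >= 10` alone, which encodes a Debian 10 assumption rather than a Postfix one: `unix-dgram` and `postlogd` require Postfix 3.4, and a distribution whose major version is also ≥ 10 but ships an older Postfix (Ubuntu 18.04, as far as I know, has 3.3) would get a master.cf that Postfix rejects, leaving the satellite unable to relay at all. Tie the condition to the distribution too, `{% if ansible_distribution == "Debian" and ansible_distribution_major_version|int >= 10 %}`, or better to a fact about the installed Postfix version. The other master.cf hunks only wrap existing services in `{% if not postfix_satellite_only %}` and raise nothing further.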