introduce postfix satellite as replacement for nullmailer

6f70c6af · Hinrikus Wolf · 58d3e727 · 6f70c6af · 6f70c6af · 6f70c6af
Commit 6f70c6af authored Jul 21, 2019 by Hinrikus Wolf
--- a/postfix/defaults/main.yml
+++ b/postfix/defaults/main.yml
@@ -43,3 +43,16 @@ postfix_transport_maps: []
 #    use_mx: true
 postfix_my_networks: []
+postfix_notify_classes: []
+postfix_satellite_only: false
+## sane defaults for postfix satellites
+#
+# postfix_satellite_only: true
+# postfix_enable_postscreen: false
+# postfix_domains: []
+# postfix_notify_classes:
+#   - 2bounce
+# postfix_relay_host: relay.example.com
+# postfix_tls_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+# postfix_tls_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
--- a/postfix/templates/main.cf.j2
+++ b/postfix/templates/main.cf.j2
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
-inet_interfaces = all
+inet_interfaces = {{ "loopback-only" if postfix_satellite_only else "all" }}
 inet_protocols = all
 myhostname = {{ ansible_fqdn }}
 myorigin = /etc/mailname
@@ -10,6 +10,9 @@ relayhost = {{ postfix_relay_host }}
 {% if postfix_transport_maps|bool %}
 transport_maps = cdb:/etc/postfix/transport
 {% endif %}
+{% if not postfix_satellite_only %}
 {% if postfix_domains|count > 0 %}
 {% if postfix_prefer_lmtp %}
 mailbox_transport = lmtp:unix:private/dovecot-lmtp
@@ -18,6 +21,13 @@ mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
 {% endif %}
 {% endif %}
+smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+{% endif %}
 append_dot_mydomain = no
 biff = no
 compatibility_level = 2
@@ -31,10 +41,6 @@ recipient_delimiter = +
 #strict_rfc821_envelopes = no
 smtpd_banner = $myhostname ESMTP $mail_name
-smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_auth_enable = yes
 smtpd_relay_restrictions =
 	permit_mynetworks
 	permit_sasl_authenticated
@@ -47,6 +53,7 @@ smtpd_tls_cert_file = {{ postfix_tls_cert }}
 smtpd_tls_key_file = {{ postfix_tls_key }}
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+{% if not postfix_satellite_only %}
 smtpd_tls_protocols = {{ postfix_tls_protocols }}
 smtpd_tls_mandatory_protocols = {{ postfix_tls_protocols }}
 {% if postfix_tls_mandatory_ciphers %}
@@ -67,6 +74,7 @@ tls_medium_cipherlist = {{ postfix_tls_medium_cipherlist }}
 {% if postfix_tls_dh_file %}
 smtpd_tls_dh1024_param_file = /etc/postfix/dh.pem
 {% endif %}
+{% endif %}
 alias_maps = cdb:/etc/aliases
 alias_database = cdb:/etc/aliases
@@ -81,7 +89,10 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp
 virtual_gid_maps = static:5000
 {% endif %}
-{% if postfix_enable_postscreen %}
+{% set _x = postfix_notify_classes.extend(["resource", "software"]) %}
+notify_classes = {{ postfix_notify_classes|unique|join(", ") }}
+{% if postfix_enable_postscreen and not postfix_satellite_only %}
 postscreen_access_list = permit_mynetworks
                         cidr:/etc/postfix/postscreen_access.cidr
 {% if postfix_enable_memcached %}

--- a/postfix/templates/master.cf.j2
+++ b/postfix/templates/master.cf.j2
@@ -9,11 +9,12 @@
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
-{% if postfix_enable_postscreen %}
+{% if postfix_enable_postscreen and not postfix_satellite_only %}
 smtp      inet  n       -       y       -       1       postscreen
 {% else %}
 smtp     inet  n       -       y       -       -       smtpd
 {% endif %}
+{% if not postfix_satellite_only %}
 smtpd     pass  -       -       y       -       -       smtpd
 {% if postfix_content_filter %}
  -o content_filter={{ postfix_content_filter }}
@@ -51,6 +52,7 @@ submission inet n       -       y       -       -       smtpd
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 #628	  inet  n       -       y       -       -       qmqpd
+{% endif %}
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
@@ -76,6 +78,9 @@ virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       y       -       -       lmtp
 anvil     unix  -       -       y       -       1       anvil
 scache    unix  -       -       y       -       1       scache
+{% if ansible_distribution_major_version|int >= 10 %}
+postlog   unix-dgram n  -       n       -       1       postlogd
+{% endif %}
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
@@ -89,6 +94,7 @@ scache    unix  -       -       y       -       1       scache
 # maildrop. See the Postfix MAILDROP_README file for details.
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
+{% if not postfix_satellite_only %}
 dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=5001:5000 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
@@ -96,6 +102,7 @@ dovecot   unix  -       n       n       -       -       pipe
 spamassassin	unix -     n       n       -       -       pipe
  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
 {% endif %}
+{% endif %}
 #maildrop  unix  -       n       n       -       -       pipe
 #  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}