diff --git a/postfix/defaults/main.yml b/postfix/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9c10031cb3a9dd27db3c2f3664e0c15522d6a804
--- /dev/null
+++ b/postfix/defaults/main.yml
@@ -0,0 +1,27 @@
+---
+
+postfix_domains:
+ - "{{ domain }}"
+postfix_virtual_domains: []
+
+postfix_tls_cert: /etc/ssl/private/fullchain.pem
+postfix_tls_key: /etc/ssl/private/privkey.pem
+postfix_tls_ciphers: "{{ tls_ciphers }}"
+postfix_tls_protocols: "!SSLv2 !SSLv3"
+
+postfix_login_suffix: '@extmind.de'
+postfix_prefer_lmtp: no
+postfix_enable_memcached: no
+postfix_login_suffix: ''
+postfix_dnsbl_sites:
+ - name: zen.spamhaus.org
+ - name: bl.spamcop.net
+ - name: b.barracudacentral.org
+ - name: '#swl.spamhaus.org'
+ modifier: 2
+ - name: list.dnswl.org
+ modifier: -5
+postfix_network_access:
+ - cidr: 134.130.5.32/27 # rwth
+ action: permit
+postfix_content_filter: no # or: spamassassin
diff --git a/postfix/files/login_maps.pcre b/postfix/files/login_maps.pcre
deleted file mode 100644
index 96399fc12c05fadc7e0f42b73eb946dedcf635ad..0000000000000000000000000000000000000000
--- a/postfix/files/login_maps.pcre
+++ /dev/null
@@ -1 +0,0 @@
-/^(.*)$/ ${1}
diff --git a/postfix/files/postscreen_whitelist b/postfix/files/postscreen_whitelist
deleted file mode 100644
index 887c952d74ae36452737bd4e1986745d42f85dce..0000000000000000000000000000000000000000
--- a/postfix/files/postscreen_whitelist
+++ /dev/null
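Review bot: `postfix_login_suffix` is set twice in the new defaults file, first to `'@extmind.de'` and then to `''`; YAML loaders keep the last value without complaint, so the site-specific first entry is dead text and should be dropped, leaving `postfix_login_suffix: ''` once. `postfix_tls_protocols: "!SSLv2 !SSLv3"` is weaker than the `!TLSv1 !SSLv2 !SSLv3` it replaces in main.cf.j2, where both `smtpd_tls_mandatory_protocols` and `smtpd_tls_protocols` now take this value, so TLSv1 becomes negotiable again on every deployment that keeps the default; `postfix_tls_protocols: "!SSLv2 !SSLv3 !TLSv1"` preserves the previous posture. `postfix_network_access` ships a `permit` for `134.130.5.32/27` as a role default, which exempts that network from postscreen on every host the role touches unless it is overridden; `postfix_network_access: []` with the entry moved to inventory is the safer default. The three flags written as `no` (`postfix_prefer_lmtp`, `postfix_enable_memcached`, `postfix_content_filter`) are YAML 1.1 booleans that yamllint's truthy rule rejects; `false` is the portable spelling.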
@@ -1,16 +0,0 @@
-# Django : 2014-10-29
-# access-Tabelle: Wer wird von postscreen ausgenommen und wer nicht?
-# Tabelle zum black- und whitelisten einzelner Hosts auf Basis ihrer
-# IP-Adressen. In der rechten Tabellenspalte können die AKtionen
-# "permit", "reject" und "dunno" gesetzt werden.
-# Nach dem Ändern und/oder Erweitern der Tabelle, muß ein
-# laufender Postfix über die Änderungen mit einem reload informiert
-# werden:
-# $ systemctl reload postfix.service
-#
-# Es muss hier keine Datenbank mit postmap erzeugt werden, da
-# Postfix die ASCII-Konfigurationsdatei direkt auswertet!
-#
-
-# roughly the RWTH network for the e-mail servers
-134.130.5.32/27 permit
diff --git a/postfix/files/sender_login_map.hash b/postfix/files/sender_login_map.hash
deleted file mode 100644
index e80951f06c9cb87a223b2fdba0ca2f6335c84b25..0000000000000000000000000000000000000000
--- a/postfix/files/sender_login_map.hash
+++ /dev/null
@@ -1 +0,0 @@
-test@wolfscloud.de test@wolfscloud.de
diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml
index 9400d43ffc410f0e60a90b232dfe7c37ebccc9ab..17df26b99598b309e9de2eb57ca465192740f44c 100644
--- a/postfix/tasks/main.yml
+++ b/postfix/tasks/main.yml
@@ -1,34 +1,35 @@ --- - name: ensure all required postfix packages are installed - apt: name={{ item }} state=present + apt: + name: "{{ item }}" + state: present with_items: - postfix - postfix-pcre - postfix-cdb - - memcached tags: - postfix - mail -- name: ensure not templated config is present - copy: src=files/{{ item }} dest=/etc/postfix/ - with_items: - - login_maps.pcre - - sender_login_map.hash - - postscreen_whitelist - notify: - - restart postfix +- name: ensure additional packages are installed if required + apt: + name: memcached + state: present + when: postfix_enable_memcached tags: - postfix - mail -- name: ensure templated config is present - template: src=templates/{{ item }}.j2 dest=/etc/postfix/{{ item }} +- name: ensure config is present + template: + src: "{{ item }}.j2" + dest: "/etc/postfix/{{ item }}" with_items: + - login_maps.pcre - master.cf - main.cf - - postscreen_cache + - postscreen_access.cidr notify: - restart postfix tags: @@ -36,7 +37,21 @@ - mail - name: ensure memcached config is present - template: src=templates/memcached.conf.j2 dest=/etc/memcached.conf + template: + src: memcached.conf.j2 + dest: /etc/memcached.conf + when: postfix_enable_memcached + notify: + - restart memcached + tags: + - postfix + - mail + +- name: ensure postscreen memcached integration is present + template: + src: postscreen_cache.j2 + dest: /etc/postfix/postscreen_cache + when: postfix_enable_memcached notify: - restart memcached tags: @@ -44,7 +59,9 @@ - mail - name: ensure system alias database is present - template: src=templates/aliases.j2 dest=/etc/aliases + template: + src: aliases.j2 + dest: /etc/aliases notify: - postmap system tags: 
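Review bot: The `ensure additional packages are installed if required` task only ever installs memcached; when `postfix_enable_memcached` is later set to false the package stays installed and listening with nothing in this role using it. Tying the state to the flag, `state: "{{ 'present' if postfix_enable_memcached else 'absent' }}"` and dropping the `when`, keeps the installed set in step with what the role configures. Looping `with_items` over `apt` is deprecated in current Ansible releases; the list can be passed to `name` directly (`name: [postfix, postfix-pcre, postfix-cdb]`).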
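Review bot: The `ensure postscreen memcached integration is present` task writes `/etc/postfix/postscreen_cache`, the file main.cf.j2 points `postscreen_cache_map = memcache:` at, but it notifies `restart memcached`; restarting memcached does not make postscreen reread its server list, so the handler should be `- restart postfix`, as the other `/etc/postfix` templates in this file use. The `restart memcached` notification is correct on the `/etc/memcached.conf` task directly above it.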
@@ -52,15 +69,21 @@ - mail - name: ensure virtual alias database is present - template: src=templates/v_aliases.j2 dest=/etc/postfix/virtual + template: + src: virtual.j2 + dest: /etc/postfix/virtual notify: - postmap virtual tags: - postfix - mail -- meta: flush_handlers - - - - +- name: ensure mailname is properly configured + template: + src: mailname.j2 + dest: /etc/mailname + notify: + - restart postfix + tags: + - postfix + - mail diff --git a/postfix/templates/aliases.j2 b/postfix/templates/aliases.j2 index 71ae0df53b516d4886074421bf76aafea6aea345..90ef766aecfe1a12e9b4dd113b7bcf55456e1436 100644 --- a/postfix/templates/aliases.j2 +++ b/postfix/templates/aliases.j2 @@ -1,4 +1,3 @@ {% for alias in system_aliases %} -{{ alias.src }}:{{ alias.dest }} +{{ alias.src }}: {{ alias.dest }} {% endfor %} - diff --git a/postfix/templates/login_maps.pcre.j2 b/postfix/templates/login_maps.pcre.j2 new file mode 100644 index 0000000000000000000000000000000000000000..8a395f7879c5a5c4d21770321eb2159f406406eb --- /dev/null +++ b/postfix/templates/login_maps.pcre.j2 @@ -0,0 +1 @@ +/^(.*){{ postfix_login_suffix }}$/ ${1} diff --git a/postfix/templates/mailname.j2 b/postfix/templates/mailname.j2 new file mode 100644 index 0000000000000000000000000000000000000000..81008bac28684edb06528802426d0c82acdeb96d --- /dev/null +++ b/postfix/templates/mailname.j2 @@ -0,0 +1 @@ +{{ domain }} diff --git a/postfix/templates/main.cf.j2 b/postfix/templates/main.cf.j2 index 4b42739221144893e00533536c797c5268d03127..b891d06cabac1898f6f96f2a3234746c09aafa44 100644 --- a/postfix/templates/main.cf.j2 +++ b/postfix/templates/main.cf.j2 
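Review bot: Removing `- meta: flush_handlers` means `restart postfix`, `postmap system` and `postmap virtual` now run only at the end of the play, so anything that follows this role in the same play sees the old alias tables and the unrestarted daemon; if that ordering mattered, keep the flush after the new mailname task. The new mailname task writes `{{ domain }}` to `/etc/mailname`, which main.cf.j2 reads through `myorigin = /etc/mailname`, so `restart postfix` is the right handler there.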
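Review bot: `postfix_login_suffix` is interpolated into the PCRE unescaped in `/^(.*){{ postfix_login_suffix }}$/ ${1}`, so the `.` in a value like `@extmind.de` matches any character and a suffix containing other regex metacharacters would widen or break the pattern; `/^(.*){{ postfix_login_suffix | regex_escape }}$/ ${1}` keeps it literal. A header comment in the template should also state that with the default empty suffix every sender address maps to itself as the required SASL login name, which is what `reject_sender_login_mismatch` on the submission service in master.cf.j2 then enforces.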
@@ -1,45 +1,34 @@ # See /usr/share/postfix/main.cf.dist for a commented, more complete version +inet_interfaces = all +inet_protocols = all +myhostname = {{ ansible_fqdn }} +myorigin = /etc/mailname +mydestination = $myhostname localhost {{ postfix_domains | join(" ") }} +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +relayhost = +{% if postfix_domains|count > 0 %} +{% if postfix_prefer_lmtp %} +mailbox_transport = lmtp:unix:private/dovecot-lmtp +{% else %} +mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" +{% endif %} +{% endif %} -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) -biff = no - -# appending .domain is the MUA's job. append_dot_mydomain = no - -# Uncomment the next line to generate "delayed mail" warnings +biff = no +compatibility_level = 2 #delay_warning_time = 4h - +disable_vrfy_command = yes +#enable_long_queue_ids = yes +mailbox_size_limit = 0 +#message_size_limit = 41943040 readme_directory = no +recipient_delimiter = + +#strict_rfc821_envelopes = no -# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on -# fresh installs. 
-compatibility_level = 2 - -# TLS parameters -smtpd_use_tls = yes -smtpd_tls_cert_file=/var/lib/acme/live/wolfscloud.de/fullchain -smtpd_tls_key_file=/var/lib/acme/live/wolfscloud.de/privkey -smtpd_tls_auth_only=yes -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache - -#ciphers supported downto android 2.3 -smtpd_tls_mandatory_protocols = !TLSv1 !SSLv2, !SSLv3 -smtpd_tls_protocols = !TLSv1 !SSLv2 !SSLv3 -smtpd_tls_mandatory_ciphers=high -tls_high_cipherlist = {{ tls_ciphers }} -smtpd_tls_eecdh_grade=ultra - - - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. +smtpd_banner = $myhostname ESMTP $mail_name +smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes 
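Review bot: The new `{% if postfix_domains|count > 0 %}` block chooses between `mailbox_transport = lmtp:unix:private/dovecot-lmtp` and a `mailbox_command` running dovecot-lda without saying why, and its link to `mydestination`, which lists the same `postfix_domains`, is implicit; a comment such as `# local delivery for postfix_domains goes to Dovecot: LMTP if postfix_prefer_lmtp, otherwise the LDA` would help the next reader. A domain listed in both `postfix_domains` (mydestination) and `postfix_virtual_domains` (virtual_mailbox_domains in the next hunk) is a configuration error that Postfix, as far as I recall, only warns about at startup, so the defaults should document that the two lists must be disjoint. `#message_size_limit = 41943040` is commented out, so the Postfix built-in limit applies rather than 40 MiB; if the comment is meant as a reminder of the intended value it should say so.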
@@ -47,82 +36,56 @@ smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination -myhostname = {{ ansible_fqdn }} + +smtpd_use_tls = yes +smtpd_tls_auth_only = yes +smtpd_tls_cert_file = {{ postfix_tls_cert }} +smtpd_tls_key_file = {{ postfix_tls_key }} +smtpd_tls_eecdh_grade = ultra +smtpd_tls_mandatory_ciphers = high +smtpd_tls_mandatory_protocols = {{ postfix_tls_protocols }} +smtpd_tls_protocols = {{ postfix_tls_protocols }} +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache +tls_high_cipherlist = {{ postfix_tls_ciphers }} + alias_maps = cdb:/etc/aliases alias_database = cdb:/etc/aliases -myorigin = /etc/mailname -mydestination = $myhostname, localhost -relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = all -inet_protocols = all +virtual_alias_maps = cdb:/etc/postfix/virtual -virtual_mailbox_domains = {{ virtual_domains | join(", ") }} +{% if postfix_virtual_domains|count > 0 %} +virtual_mailbox_domains = {{ postfix_virtual_domains | join(", ") }} virtual_mailbox_base = /var/vmail/ virtual_mailbox_limit = 512000000 virtual_minimum_uid = 5000 virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_gid_maps = static:5000 -virtual_alias_maps = cdb:/etc/postfix/virtual -smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre +{% endif %} -################################################################################ -## POSTSCREEN - ERSTE STUFE DER SPAM/UCE/VIREN-ABWEHRMECHANISMEN -# -# Django : 2014-10-29 - PERMANENT WHITE/BLACKLIST TEST -# default: postscreen_access_list = permit_mynetworks postscreen_access_list = permit_mynetworks - cidr:/etc/postfix/postscreen_whitelist -# -# default: postscreen_blacklist_action = ignore + cidr:/etc/postfix/postscreen_access.cidr +{% if postfix_enable_memcached %} +postscreen_cache_map = 
memcache:/etc/postfix/postscreen_cache +proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache +{% else %} +postscreen_cache_map = proxy:btree:/var/lib/postfix/postscreen_cache +{% endif %} + postscreen_blacklist_action = drop - - -# Django : 2014-10-29 - MAIL EXCHANGER POLICY TESTS -# default: postscreen_whitelist_interfaces = static:all - -# Django : 2014-10-29 - PRE 220 GREETING TESTS -# -# default: postscreen_greet_banner = $smtpd_banner -# -# default: postscreen_greet_action = ignore postscreen_greet_action = enforce - -# default: postscreen_dnsbl_threshold = 1 -postscreen_dnsbl_threshold = 2 -# -# default: postscreen_dnsbl_sites = -postscreen_dnsbl_sites = zen.spamhaus.org*1 - bl.spamcop.net*1 - b.barracudacentral.org*1 - #swl.spamhaus.org*2 - list.dnswl.org*-5 -# -# default: postscreen_dnsbl_action = ignore -postscreen_dnsbl_action = enforce - - -# Django : 2014-10-29 - POST 220 GREETING TESTS -# -# default: postscreen_dnsbl_whitelist_threshold = 0 -postscreen_dnsbl_whitelist_threshold = -1 -# -# default: postscreen_pipelining_enable = no +# postscreen_whitelist_interfaces = static:all +# postscreen_greet_banner = $smtpd_banner postscreen_pipelining_enable = yes -# -# default: postscreen_pipelining_action = enforce -# -# default: postscreen_non_smtp_command_enable = no +# postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes -# default: postscreen_non_smtp_command_action = drop -# -# default: postscreen_bare_newline_enable = no +# postscreen_non_smtp_command_action = drop postscreen_bare_newline_enable = yes -# -# default: postscreen_bare_newline_action = ignore postscreen_bare_newline_action = drop -# -postscreen_cache_map = memcache:/etc/postfix/postscreen_cache -proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache + +postscreen_dnsbl_action = enforce +postscreen_dnsbl_threshold = 2 +postscreen_dnsbl_whitelist_threshold = -1 +postscreen_dnsbl_sites = +{% for site in postfix_dnsbl_sites %} + {{ site.name }}*{{ 
site.modifier|default(1) }} +{% endfor %} diff --git a/postfix/templates/master.cf.j2 b/postfix/templates/master.cf.j2 index 6105ccd55ecf4648da5f140ce7caee5622029c9d..abcd14149c00ce9bed3239d4dcba659a8cbf1c08 100644 --- a/postfix/templates/master.cf.j2 +++ b/postfix/templates/master.cf.j2 
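Review bot: The `postscreen_dnsbl_sites` loop at the end of the hunk emits every entry of `postfix_dnsbl_sites` as an indented continuation line, and the role default contains `'#swl.spamhaus.org'`, which therefore lands in main.cf as `#swl.spamhaus.org*2` inside the value; whether Postfix skips that as a comment or queries it as a DNSBL name is a parser detail the template should not depend on. `{% for site in postfix_dnsbl_sites if site.enabled|default(true) %}` with `enabled: false` on that entry, or simply leaving it out of the default list, makes the intent explicit. In the memcached branch, `proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache` replaces Postfix's default list of proxy-writable maps rather than extending it, and nothing in postscreen_cache.j2 refers to that btree file, so the line looks like a leftover from the replaced configuration; it is worth confirming it is still needed before keeping it.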
@@ -1,36 +1,32 @@ -dovecot unix - n n - - pipe - flags=DRhu user=5001:5000 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop} -# # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. -# + # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== -#smtp inet n - y - - smtpd + +#smtp inet n - y - - smtpd smtp inet n - y - 1 postscreen smtpd pass - - y - - smtpd -{% if content_filter is defined %} - -o content_filter={{ content_filter }} +{% if postfix_content_filter %} + -o content_filter={{ postfix_content_filter }} {% endif %} dnsblog unix - - y - 0 dnsblog tlsproxy unix - - y - 0 tlsproxy submission inet n - y - - smtpd -# -o smtpd_tls_security_level=encrypt -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain=$myhostname -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=reject_sender_login_mismatch -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject -{% if content_filter is defined %} - -o content_filter={{ content_filter }} -{% endif %} -o syslog_name=postfix/submission -# -o syslog_name=postfix/submission +{% if postfix_content_filter %} + -o content_filter={{ postfix_content_filter }} +{% endif %} # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no 
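Review bot: The submission entry still leaves `-o smtpd_tls_security_level=encrypt` commented out in the boilerplate below it, so port 587 accepts plaintext sessions and the only thing keeping credentials off the wire in clear is `smtpd_tls_auth_only = yes` from main.cf.j2; adding `-o smtpd_tls_security_level=encrypt` to the live option list makes the requirement explicit on the service itself and independent of main.cf. The `{% if postfix_content_filter %}` guard accepts any truthy value, but the last hunk only defines a pipe service when the value is exactly `'spamassassin'`, so any other string presumably yields a `content_filter=` transport that master.cf does not define; either validate the value or document in defaults/main.yml that `spamassassin` is the only supported setting. The service definitions continue past the end of the hunk.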
@@ -51,7 +47,7 @@ submission inet n - y - - smtpd # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#628 inet n - y - - qmqpd +#628 inet n - y - - qmqpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr @@ -77,7 +73,7 @@ virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache -# + # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. 
@@ -86,57 +82,28 @@ scache unix - - y - 1 scache # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== -# + # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. -# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# Other external delivery methods. -# -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. 
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py - ${nexthop} ${user} -{% if content_filter is defined %} -{{ content_filter }} {{ content_filter_arguments }} -{{ content_filter_command }} + +dovecot unix - n n - - pipe + flags=DRhu user=5001:5000 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop} + +{% if postfix_content_filter == 'spamassassin' %} +spamassassin unix - n n - - pipe + user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} {% endif %} + +#maildrop unix - n n - - pipe +# flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} +#uucp unix - n n - - pipe +# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +#ifmail unix - n n - - pipe +# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +#bsmtp unix - n n - - pipe +# flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient +#scalemail-backend unix - n n - 2 pipe +# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} +#mailman unix - n n - - pipe +# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +# ${nexthop} ${user} diff --git a/postfix/templates/postscreen_access.cidr.j2 b/postfix/templates/postscreen_access.cidr.j2 new file mode 100644 index 0000000000000000000000000000000000000000..8a829fb4201c7cc7e148d3580ed553af67549fb4 --- /dev/null +++ b/postfix/templates/postscreen_access.cidr.j2 
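Review bot: The re-added `dovecot` pipe service runs dovecot-lda as the hard-coded `user=5001:5000`, but nothing in the new main.cf.j2 routes to a `dovecot` transport: local mail goes through `mailbox_command`/`mailbox_transport` and virtual mail through `virtual_transport = lmtp:unix:private/dovecot-lmtp`; unless something outside this diff references it, the entry is an unused transport and can go, and if it stays the uid deserves a comment tying it to `virtual_minimum_uid`/`virtual_gid_maps`. The `spamassassin` pipe service has no `flags=` and no `null_sender=`; as far as I remember the FILTER_README recipe for a re-injecting filter uses `flags=Rq user=... null_sender= argv=...`, so it is worth checking that bounces with an empty sender and addresses containing shell-special characters behave as intended before relying on it.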
@@ -0,0 +1,16 @@ +# access-Tabelle: Wer wird von postscreen ausgenommen und wer nicht? +# Tabelle zum black- und whitelisten einzelner Hosts auf Basis ihrer +# IP-Adressen. In der rechten Tabellenspalte können die Aktionen +# "permit", "reject" und "dunno" gesetzt werden. +# Nach dem Ändern und/oder Erweitern der Tabelle, muß ein +# laufender Postfix über die Änderungen mit einem reload informiert +# werden: +# $ systemctl reload postfix.service +# +# Es muss hier keine Datenbank mit postmap erzeugt werden, da +# Postfix die ASCII-Konfigurationsdatei direkt auswertet! +# + +{% for net in postfix_network_access %} +{{ net.cidr }} {{ net.action|default('dunno') }} +{% endfor %} diff --git a/postfix/templates/postscreen_cache.j2 b/postfix/templates/postscreen_cache.j2 index 9b861ab82dc7efbb107f29b0cf32254c88488020..7b2601b00201bbc9abd24df2a0e75cbf875a013f 100644 --- a/postfix/templates/postscreen_cache.j2 +++ b/postfix/templates/postscreen_cache.j2 @@ -1,10 +1,6 @@ -# Django : 2014-11-07 postscreen-cache Konfigurationsdatei -# # -# - {% for partner in groups['mail'] %} {% if partner != ansible_hostname %} -memcache = inet:{{hostvars[partner]["tinc_vpnip"]}}:11211 +memcache = inet:{{ hostvars[partner]['tinc_vpnip'] }}:11211 {% endif %} {% endfor %} diff --git a/postfix/templates/v_aliases.j2 b/postfix/templates/virtual.j2 similarity index 64% rename from postfix/templates/v_aliases.j2 rename to postfix/templates/virtual.j2 index c24df94c5b8622e0f53b9c1cbc301aaac51ec50e..4540d44db607cef07a37ba028932e98f153e1c85 100644 --- a/postfix/templates/v_aliases.j2 +++ b/postfix/templates/virtual.j2 @@ -5,6 +5,11 @@ abuse@{{ domain }} {{ adminaddr }} {% endfor %} {% for alias in virtual_aliases %} +{% if alias.src is string %} {{ alias.src }} {{ alias.dest }} +{% else %} +{% for src in alias.src %} +{{ src }}@{{ alias.domain }} {{ alias.dest }} +{% endfor %} +{% endif %} {% endfor %} -
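Review bot: The header of the new postscreen_access.cidr.j2 is a German comment block carried over from the deleted static file, while the rest of the role is written in English, and it tells the operator to run `systemctl reload postfix.service` by hand even though the task that renders this file already notifies `restart postfix`. Since the file is generated, a short English header is enough, e.g. `# postscreen access table, generated by Ansible from postfix_network_access -- edit the inventory, not this file`, plus one line noting that entries are matched in list order with the first match winning (cidr_table semantics, as I recall), which matters as soon as someone adds a broad `reject` next to a narrower `permit`.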
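Review bot: In the new list branch, `{{ src }}@{{ alias.domain }}` has no fallback, so an alias entry whose `src` is a list but that lacks a `domain` key aborts the template render with an undefined-variable error; `{{ src }}@{{ alias.domain|default(domain) }}` would fall back to the role's `domain`, which the `abuse@{{ domain }}` line above already relies on, or the defaults should document `domain` as mandatory for list-form entries. The `{% for alias in virtual_aliases %}` loop is visible in the hunk but `virtual_aliases` has no entry in defaults/main.yml in this diff, so the expected shape of an entry is only recoverable from this template.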