Merge branch 'issue-7' into 'master'

Issue 7

See merge request !7

postfix/defaults/main.yml

@@ -41,3 +41,18 @@ postfix_transport_maps: []
 #    port: 2025
 #    protocol: smtp
 #    use_mx: true
+
+postfix_my_networks: []
+postfix_notify_classes: []
+postfix_satellite_only: false
+
+## sane defaults for postfix satellites
+#
+# postfix_satellite_only: true
+# postfix_enable_postscreen: false
+# postfix_domains: []
+# postfix_notify_classes:
+#   - 2bounce
+# postfix_relay_host: relay.example.com
+# postfix_tls_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+# postfix_tls_key: "/etc/ssl/private/ssl-cert-snakeoil.key"

postfix/templates/main.cf.j2

 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
 
-inet_interfaces = all
+inet_interfaces = {{ "loopback-only" if postfix_satellite_only else "all" }}
 inet_protocols = all
 myhostname = {{ ansible_fqdn }}
 myorigin = /etc/mailname
 mydestination = $myhostname localhost {{ postfix_domains | join(" ") }}
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ postfix_my_networks|join(" ") }}
 relayhost = {{ postfix_relay_host }}
 {% if postfix_transport_maps|bool %}
 transport_maps = cdb:/etc/postfix/transport
 {% endif %}
+
+{% if not postfix_satellite_only %}
+
 {% if postfix_domains|count > 0 %}
 {% if postfix_prefer_lmtp %}
 mailbox_transport = lmtp:unix:private/dovecot-lmtp
@@ -18,6 +21,13 @@ mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
 {% endif %}
 {% endif %}
 
+smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+
+{% endif %}
+
 append_dot_mydomain = no
 biff = no
 compatibility_level = 2
@@ -31,10 +41,6 @@ recipient_delimiter = +
 #strict_rfc821_envelopes = no
 
 smtpd_banner = $myhostname ESMTP $mail_name
-smtpd_sender_login_maps = proxy:pcre:/etc/postfix/login_maps.pcre
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_auth_enable = yes
 smtpd_relay_restrictions =
 	permit_mynetworks
 	permit_sasl_authenticated
@@ -47,6 +53,7 @@ smtpd_tls_cert_file = {{ postfix_tls_cert }}
 smtpd_tls_key_file = {{ postfix_tls_key }}
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+{% if not postfix_satellite_only %}
 smtpd_tls_protocols = {{ postfix_tls_protocols }}
 smtpd_tls_mandatory_protocols = {{ postfix_tls_protocols }}
 {% if postfix_tls_mandatory_ciphers %}
@@ -67,6 +74,7 @@ tls_medium_cipherlist = {{ postfix_tls_medium_cipherlist }}
 {% if postfix_tls_dh_file %}
 smtpd_tls_dh1024_param_file = /etc/postfix/dh.pem
 {% endif %}
+{% endif %}
 
 alias_maps = cdb:/etc/aliases
 alias_database = cdb:/etc/aliases
@@ -81,7 +89,10 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp
 virtual_gid_maps = static:5000
 {% endif %}
 
-{% if postfix_enable_postscreen %}
+{% set _x = postfix_notify_classes.extend(["resource", "software"]) %}
+notify_classes = {{ postfix_notify_classes|unique|join(", ") }}
+
+{% if postfix_enable_postscreen and not postfix_satellite_only %}
 postscreen_access_list = permit_mynetworks
                          cidr:/etc/postfix/postscreen_access.cidr
 {% if postfix_enable_memcached %}

postfix/templates/master.cf.j2

@@ -9,11 +9,12 @@
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 
-{% if postfix_enable_postscreen %}
+{% if postfix_enable_postscreen and not postfix_satellite_only %}
 smtp      inet  n       -       y       -       1       postscreen
 {% else %}
 smtp     inet  n       -       y       -       -       smtpd
 {% endif %}
+{% if not postfix_satellite_only %}
 smtpd     pass  -       -       y       -       -       smtpd
 {% if postfix_content_filter %}
   -o content_filter={{ postfix_content_filter }}
@@ -51,6 +52,7 @@ submission inet n       -       y       -       -       smtpd
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 #628	  inet  n       -       y       -       -       qmqpd
+{% endif %}
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
@@ -76,6 +78,9 @@ virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       y       -       -       lmtp
 anvil     unix  -       -       y       -       1       anvil
 scache    unix  -       -       y       -       1       scache
+{% if ansible_distribution_major_version|int >= 10 %}
+postlog   unix-dgram n  -       n       -       1       postlogd
+{% endif %}
 
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
@@ -89,6 +94,7 @@ scache    unix  -       -       y       -       1       scache
 # maildrop. See the Postfix MAILDROP_README file for details.
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
 
+{% if not postfix_satellite_only %}
 dovecot   unix  -       n       n       -       -       pipe
   flags=DRhu user=5001:5000 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
 
@@ -96,6 +102,7 @@ dovecot   unix  -       n       n       -       -       pipe
 spamassassin	unix -     n       n       -       -       pipe
   user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
 {% endif %}
+{% endif %}
 
 #maildrop  unix  -       n       n       -       -       pipe
 #  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}