From 193713fda1754c10f30031ec519db82914b8dee4 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Sun, 11 Jun 2023 12:27:53 +0200
Subject: [PATCH] Add opensmtpd-relay role
---
opensmtpd-relay/defaults/main.yml | 6 ++
opensmtpd-relay/handlers/main.yml | 6 ++
opensmtpd-relay/tasks/main.yml | 56 +++++++++++++++++++
opensmtpd-relay/templates/smtpd.conf.j2 | 9 +++
.../templates/update-opensmtpd-system-user.j2 | 7 +++
5 files changed, 84 insertions(+)
create mode 100644 opensmtpd-relay/defaults/main.yml
create mode 100644 opensmtpd-relay/handlers/main.yml
create mode 100644 opensmtpd-relay/tasks/main.yml
create mode 100644 opensmtpd-relay/templates/smtpd.conf.j2
create mode 100644 opensmtpd-relay/templates/update-opensmtpd-system-user.j2
diff --git a/opensmtpd-relay/defaults/main.yml b/opensmtpd-relay/defaults/main.yml
new file mode 100644
index 0000000..b90fcc8
--- /dev/null
+++ b/opensmtpd-relay/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+opensmtpd_system_user_max: 999
+mailname: example.org
+opensmtpd_relayhost: mail.example.org
+adminaddr: admin@{{ mailname }}
diff --git a/opensmtpd-relay/handlers/main.yml b/opensmtpd-relay/handlers/main.yml
new file mode 100644
index 0000000..93eb87b
--- /dev/null
+++ b/opensmtpd-relay/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart OpenSMTPD
+ systemd:
+ name: opensmtpd.service
+ state: restarted
diff --git a/opensmtpd-relay/tasks/main.yml b/opensmtpd-relay/tasks/main.yml
new file mode 100644
index 0000000..901eeaf
--- /dev/null
+++ b/opensmtpd-relay/tasks/main.yml
@@ -0,0 +1,56 @@
+---
+
+- name: Install OpenSMTPD and required tools
+ package:
+ name:
+ - opensmtpd
+ - moreutils # sponge, for update-opensmtpd-system-user
+ state: present
+
+- name: Remove esmtp
+ package:
+ name: esmtp
+ state: absent
+
+- name: Configure mailname
+ copy:
+ content: "{{ mailname }}\n"
+ dest: /etc/{{ "opensmtpd/" if is_rhel }}mailname
+ owner: root
+ group: root
+ mode: "0644"
+ notify:
+ - Restart OpenSMTPD
+
+- name: Configure smtpd.conf
+ template:
+ src: smtpd.conf.j2
+ dest: /etc/{{ "opensmtpd/" if is_rhel }}smtpd.conf
+ owner: root
+ group: root
+ mode: "0644"
+ validate: /usr/sbin/smtpd -f %s -n
+ notify:
+ - Restart OpenSMTPD
+
+- name: Install update-opensmtpd-system-user script
+ template:
+ src: update-opensmtpd-system-user.j2
+ dest: /usr/local/sbin/update-opensmtpd-system-user
+ owner: root
+ group: root
+ mode: "0754"
+
+- name: Configure system-user table cronjob
+ cron:
+ name: opensmtpd-system-user
+ cron_file: opensmtpd-system-user
+ user: root
+ minute: "*/5"
+ job: /usr/local/sbin/update-opensmtpd-system-user
+
+- name: Enable and start OpenSMTPD
+ systemd:
+ name: opensmtpd.service
+ state: started
+ enabled: true
diff --git a/opensmtpd-relay/templates/smtpd.conf.j2 b/opensmtpd-relay/templates/smtpd.conf.j2
new file mode 100644
index 0000000..1befe84
--- /dev/null
+++ b/opensmtpd-relay/templates/smtpd.conf.j2
@@ -0,0 +1,9 @@
+table systemusers file:/etc/opensmtpd/systemusers
+filter "local-system-user" phase rcpt-to match rcpt-to <systemusers> rewrite "<{{ adminaddr }}>"
+
+listen on localhost filter "local-system-user"
+listen on socket filter "local-system-user"
+
+action "relay" relay host "{{ opensmtpd_relayhost }}" helo "{{ ansible_fqdn }}"
+
+match from local for any action "relay"
diff --git a/opensmtpd-relay/templates/update-opensmtpd-system-user.j2 b/opensmtpd-relay/templates/update-opensmtpd-system-user.j2
new file mode 100644
index 0000000..faf9756
--- /dev/null
+++ b/opensmtpd-relay/templates/update-opensmtpd-system-user.j2
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -e
+set -o pipefail
+
+getent passwd | awk -F: \
+ '$3 <= {{ opensmtpd_system_user_max }} { print $1 "@{{ mailname }}" }' \
+ | sponge /etc/{{ "opensmtpd/" if is_rhel }}systemusers
--
GitLab