commit
104494b709
5 changed files with 241 additions and 0 deletions
@ -0,0 +1,42 @@
|
||||
- name: Copy configuration files |
||||
loop: |
||||
- 'main.cf' |
||||
- 'master.cf' |
||||
template: |
||||
src: '{{ item }}.j2' |
||||
dest: '/etc/postfix/{{ item }}' |
||||
follow: yes |
||||
tags: |
||||
- postfix |
||||
- config |
||||
notify: Run service actions |
||||
- name: Copy mail aliases |
||||
template: |
||||
src: 'aliases' |
||||
dest: '/etc/aliases' |
||||
follow: yes |
||||
tags: |
||||
- postfix |
||||
- aliases |
||||
notify: Run service actions |
||||
- name: Compile aliases |
||||
command: |
||||
argv: ["newaliases"] |
||||
tags: |
||||
- postfix |
||||
- aliases |
||||
- name: Copy certificates |
||||
loop: |
||||
- 'privkey.pem' |
||||
- 'fullchain.pem' |
||||
copy: |
||||
src: '{{ role_path }}/vault/certs/{{ item }}' |
||||
dest: '/etc/ssl/private/mail/{{ item }}' |
||||
owner: 'root' |
||||
group: 'root' |
||||
mode: '600' |
||||
tags: |
||||
- certs |
||||
- postfix |
||||
- vault |
||||
notify: Run service actions |
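Review bot: The "Copy certificates" task writes privkey.pem through the copy module without `no_log: true`, so a run with `--diff` or raised verbosity can print the key material to the console or to job logs; adding `no_log: true` (or `diff: no`) to that task avoids this. No visible task creates `/etc/ssl/private/mail`, and copy does not create missing parent directories, so a preceding `file` task with `state: directory` and `mode: '0700'` looks needed unless another role provides it. The `vault/certs` path suggests the sources are Ansible Vault encrypted, which this page cannot confirm, so check that privkey.pem is not committed in plaintext. Separately, "Compile aliases" runs `newaliases` on every play and always reports changed; it would fit better as a handler notified by "Copy mail aliases".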
@ -0,0 +1,11 @@
|
||||
mailer-daemon: postmaster |
||||
postmaster: root |
||||
nobody: root |
||||
hostmaster: root |
||||
usenet: root |
||||
news: root |
||||
webmaster: root |
||||
www: root |
||||
ftp: root |
||||
abuse: root |
||||
root: caskd |
@ -0,0 +1,62 @@
|
||||
# See /usr/share/postfix/main.cf.dist for a commented, more complete version |
||||
|
||||
|
||||
# Debian specific: Specifying a file name will cause the first |
||||
# line of that file to be used as the name. The Debian default |
||||
# is /etc/mailname. |
||||
#myorigin = /etc/mailname |
||||
|
||||
smtpd_banner = $myhostname ESMTP RedXen Mail |
||||
biff = no |
||||
|
||||
# appending .domain is the MUA's job. |
||||
append_dot_mydomain = no |
||||
|
||||
# Uncomment the next line to generate "delayed mail" warnings |
||||
#delay_warning_time = 4h |
||||
|
||||
readme_directory = no |
||||
|
||||
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on |
||||
# fresh installs. |
||||
compatibility_level = 2 |
||||
|
||||
# TLS parameters |
||||
smtpd_tls_cert_file=/etc/ssl/private/mail/fullchain.pem |
||||
smtpd_tls_key_file=/etc/ssl/private/mail/privkey.pem |
||||
smtpd_tls_security_level=may |
||||
smtpd_tls_auth_only=yes |
||||
smtpd_use_tls=yes |
||||
|
||||
smtp_tls_CApath=/etc/ssl/certs |
||||
smtp_tls_security_level=may |
||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache |
||||
|
||||
# Dovecot auth |
||||
smtpd_sasl_auth_enable = yes |
||||
smtpd_sasl_type = dovecot |
||||
smtpd_sasl_path = private/auth |
||||
|
||||
# OpenDKIM |
||||
milter_default_action = accept |
||||
milter_protocol = 6 |
||||
smtpd_milters = local:opendkim/opendkim.sock |
||||
non_smtpd_milters = local:opendkim/opendkim.sock |
||||
|
||||
home_mailbox = Mail/Inbox/ |
||||
|
||||
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination |
||||
myhostname = mail.redxen.eu |
||||
alias_maps = hash:/etc/aliases |
||||
alias_database = hash:/etc/aliases |
||||
myorigin = redxen.eu |
||||
mydestination = mail.redxen.eu, smtp.redxen.eu, redxen.eu, localhost.localdomain, localhost |
||||
relayhost = |
||||
relay_domains = $mydestination |
||||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 |
||||
mailbox_size_limit = 0 |
||||
recipient_delimiter = + |
||||
inet_interfaces = all |
||||
inet_protocols = all |
||||
|
||||
notify_classes = resource, software, bounce |
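Review bot: `smtpd_sasl_auth_enable = yes` is set globally under "Dovecot auth", which also offers AUTH on the port 25 listener and exposes it to credential guessing; since the master.cf services in this commit already pass `-o smtpd_sasl_auth_enable=yes` for submission and smtps, the global line could be dropped. `relay_domains = $mydestination` restores the pre-3.0 default that `compatibility_level = 2` otherwise leaves empty, and with the stock `parent_domain_matches_subdomains` it can make subdomains of redxen.eu count as relay destinations; `relay_domains =` is the safer value unless this host is meant to relay for them. `milter_default_action = accept` lets mail through unsigned whenever the OpenDKIM socket is unavailable, which deserves a comment stating that this is intentional. `smtpd_use_tls=yes` is the legacy form of the `smtpd_tls_security_level=may` line above it and is redundant.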
@ -0,0 +1,125 @@
|
||||
# |
||||
# Postfix master process configuration file. For details on the format |
||||
# of the file, see the master(5) manual page (command: "man 5 master" or |
||||
# on-line: http://www.postfix.org/master.5.html). |
||||
# |
||||
# Do not forget to execute "postfix reload" after editing this file. |
||||
# |
||||
# ========================================================================== |
||||
# service type private unpriv chroot wakeup maxproc command + args |
||||
# (yes) (yes) (no) (never) (100) |
||||
# ========================================================================== |
||||
smtp inet n - y - - smtpd |
||||
#smtp inet n - y - 1 postscreen |
||||
#smtpd pass - - y - - smtpd |
||||
#dnsblog unix - - y - 0 dnsblog |
||||
#tlsproxy unix - - y - 0 tlsproxy |
||||
smtp unix - - n - - smtp |
||||
submission inet n - y - - smtpd |
||||
-o smtpd_tls_security_level=encrypt |
||||
-o smtpd_sasl_auth_enable=yes |
||||
-o smtpd_sasl_type=dovecot |
||||
-o smtpd_sasl_path=private/auth |
||||
-o smtpd_sasl_security_options=noanonymous |
||||
-o smtpd_sasl_local_domain=$myhostname |
||||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject |
||||
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject |
||||
smtps inet n - y - - smtpd |
||||
-o syslog_name=postfix/smtps |
||||
-o smtpd_tls_wrappermode=yes |
||||
-o smtpd_sasl_auth_enable=yes |
||||
# -o smtpd_reject_unlisted_recipient=no |
||||
# -o smtpd_client_restrictions=$mua_client_restrictions |
||||
# -o smtpd_helo_restrictions=$mua_helo_restrictions |
||||
# -o smtpd_sender_restrictions=$mua_sender_restrictions |
||||
# -o smtpd_recipient_restrictions= |
||||
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject |
||||
#rspamd unix - n n - - pipe #TODO |
||||
#628 inet n - y - - qmqpd |
||||
pickup unix n - y 60 1 pickup |
||||
cleanup unix n - y - 0 cleanup |
||||
qmgr unix n - n 300 1 qmgr |
||||
#qmgr unix n - n 300 1 oqmgr |
||||
tlsmgr unix - - y 1000? 1 tlsmgr |
||||
rewrite unix - - y - - trivial-rewrite |
||||
bounce unix - - y - 0 bounce |
||||
defer unix - - y - 0 bounce |
||||
trace unix - - y - 0 bounce |
||||
verify unix - - y - 1 verify |
||||
flush unix n - y 1000? 0 flush |
||||
proxymap unix - - n - - proxymap |
||||
proxywrite unix - - n - 1 proxymap |
||||
smtp unix - - y - - smtp |
||||
relay unix - - y - - smtp |
||||
-o syslog_name=postfix/$service_name |
||||
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 |
||||
showq unix n - y - - showq |
||||
error unix - - y - - error |
||||
retry unix - - y - - error |
||||
discard unix - - y - - discard |
||||
local unix - n n - - local |
||||
virtual unix - n n - - virtual |
||||
lmtp unix - - y - - lmtp |
||||
anvil unix - - y - 1 anvil |
||||
scache unix - - y - 1 scache |
||||
postlog unix-dgram n - n - 1 postlogd |
||||
# |
||||
# ==================================================================== |
||||
# Interfaces to non-Postfix software. Be sure to examine the manual |
||||
# pages of the non-Postfix software to find out what options it wants. |
||||
# |
||||
# Many of the following services use the Postfix pipe(8) delivery |
||||
# agent. See the pipe(8) man page for information about ${recipient} |
||||
# and other message envelope options. |
||||
# ==================================================================== |
||||
# |
||||
# maildrop. See the Postfix MAILDROP_README file for details. |
||||
# Also specify in main.cf: maildrop_destination_recipient_limit=1 |
||||
# |
||||
maildrop unix - n n - - pipe |
||||
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} |
||||
# |
||||
# ==================================================================== |
||||
# |
||||
# Recent Cyrus versions can use the existing "lmtp" master.cf entry. |
||||
# |
||||
# Specify in cyrus.conf: |
||||
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 |
||||
# |
||||
# Specify in main.cf one or more of the following: |
||||
# mailbox_transport = lmtp:inet:localhost |
||||
# virtual_transport = lmtp:inet:localhost |
||||
# |
||||
# ==================================================================== |
||||
# |
||||
# Cyrus 2.1.5 (Amos Gouaux) |
||||
# Also specify in main.cf: cyrus_destination_recipient_limit=1 |
||||
# |
||||
#cyrus unix - n n - - pipe |
||||
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} |
||||
# |
||||
# ==================================================================== |
||||
# Old example of delivery via Cyrus. |
||||
# |
||||
#old-cyrus unix - n n - - pipe |
||||
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} |
||||
# |
||||
# ==================================================================== |
||||
# |
||||
# See the Postfix UUCP_README file for configuration details. |
||||
# |
||||
uucp unix - n n - - pipe |
||||
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) |
||||
# |
||||
# Other external delivery methods. |
||||
# |
||||
ifmail unix - n n - - pipe |
||||
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) |
||||
bsmtp unix - n n - - pipe |
||||
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient |
||||
scalemail-backend unix - n n - 2 pipe |
||||
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} |
||||
mailman unix - n n - - pipe |
||||
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py |
||||
${nexthop} ${user} |
||||
|
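Review bot: The smtps service enables wrapper-mode TLS and SASL but leaves every restriction override commented out, so unlike the submission service above it port 465 accepts unauthenticated clients under the main.cf rules; adding `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` and `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject` would match submission. The file also defines `smtp unix` twice with different chroot flags (`n` near the top, `y` further down); Postfix is expected to warn about the duplicate and keep only one, so the entry that is not intended should be removed. The maildrop, uucp, ifmail, bsmtp, scalemail-backend and mailman pipe services are left enabled from the distribution default and could be commented out if no transport uses them.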