projects
/
ansible.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
journalwatch: opemdkim
[ansible.git]
/
roles
/
email
/
templates
/
main.cf
diff --git
a/roles/email/templates/main.cf
b/roles/email/templates/main.cf
index dc72a19a73fbb65a39ab788a951964a4992b948a..a03d62764273be553f77bb2319e1e6670a4075a5 100644
(file)
--- a/
roles/email/templates/main.cf
+++ b/
roles/email/templates/main.cf
@@
-1,12
+1,17
@@
compatibility_level = 2
compatibility_level = 2
-# local delivery: aliases only
-alias_maps = hash:/etc/aliases
-local_recipient_maps = $alias_maps
+{% if postfix.hostname is defined %}
+myhostname = {{ postfix.hostname }}
+{% endif %}
{% if postfix.mynetworks is defined %}
mynetworks = {{ postfix.mynetworks }}
{% endif %}
{% if postfix.mynetworks is defined %}
mynetworks = {{ postfix.mynetworks }}
{% endif %}
+# local delivery: aliases only
+alias_maps = hash:/etc/aliases
+local_recipient_maps = $alias_maps
+
+{% if 'letsencrypt' in group_names %}
# TLS server parameters
smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt+chain
smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
# TLS server parameters
smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt+chain
smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
@@
-17,14
+22,16
@@
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048.pem
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_ciphers = low
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_ciphers = low
smtpd_tls_mandatory_ciphers = high
+{% endif %}
# TLS client parameters
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_ciphers = low
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
# TLS client parameters
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_ciphers = low
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
-{% if
not(postfix.relay_host is defined)
%}
-smtp_tls_security_level = dane
+{% if
'unbound' in group_names
%}
+# If there are TLSA records, enforce using encryption
smtp_dns_support_level = dnssec
smtp_dns_support_level = dnssec
+smtp_tls_security_level = dane
{% endif %}
{% if postfix.postscreen | default(False) %}
{% endif %}
{% if postfix.postscreen | default(False) %}
@@
-79,9
+86,10
@@
smtpd_tls_fingerprint_digest = sha1
relay_clientcerts = hash:$config_directory/relay_clientcerts
{% endif %}
relay_clientcerts = hash:$config_directory/relay_clientcerts
{% endif %}
-{% if postfix.virtual_mailbox_domains is defined %}
# setup virtual delivery domains, aliases and destinations
# setup virtual delivery domains, aliases and destinations
-virtual_mailbox_domains ={% for item in postfix.virtual_mailbox_domains %} {{item.domain}}{% endfor %}
+virtual_mailbox_domains = {{ postfix.alias_domains | default("") }}
+{% if postfix.mailman is defined %} {% for item in postfix.mailman.domains %} {{item}}{% endfor %}{% endif %}
+{% if postfix.dovecot is defined %} {% for item in postfix.dovecot.domains %} {{item}}{% endfor %}{% endif %}
virtual_alias_maps = hash:$config_directory/virtual_alias_map
{% if postfix.dovecot is defined %}
virtual_alias_maps = hash:$config_directory/virtual_alias_map
{% if postfix.dovecot is defined %}
@@
-108,6
+116,7
@@
proxy_read_maps = $virtual_alias_maps $virtual_mailbox_maps $smtpd_sender_login_
# setup mail routes for virtual mail: all mail ends up being forwarded somewhere
virtual_transport = error
transport_maps = hash:$config_directory/transport_map
# setup mail routes for virtual mail: all mail ends up being forwarded somewhere
virtual_transport = error
transport_maps = hash:$config_directory/transport_map
+{% if postfix.mailman | default(False) %}
mailman_destination_recipient_limit = 1
{% endif %}
mailman_destination_recipient_limit = 1
{% endif %}
projects / ansible.git / blobdiff