projects
/
ansible.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
make sure we do not spam list owners with unrecognized bounce notifications
[ansible.git]
/
roles
/
email
/
templates
/
main.cf
diff --git
a/roles/email/templates/main.cf
b/roles/email/templates/main.cf
index 4488ec4ee4c06fa2e1d4fbaa9567f3a2e6a294f5..01c2185a57aec07d1dac12c152cd163cb2266abc 100644
(file)
--- a/
roles/email/templates/main.cf
+++ b/
roles/email/templates/main.cf
@@
-1,12
+1,17
@@
compatibility_level = 2
compatibility_level = 2
-# local delivery: aliases only
-alias_maps = hash:/etc/aliases
-local_recipient_maps = $alias_maps
+{% if postfix.hostname is defined %}
+myhostname = {{ postfix.hostname }}
+{% endif %}
{% if postfix.mynetworks is defined %}
mynetworks = {{ postfix.mynetworks }}
{% endif %}
{% if postfix.mynetworks is defined %}
mynetworks = {{ postfix.mynetworks }}
{% endif %}
+# local delivery: aliases only
+alias_maps = hash:/etc/aliases
+local_recipient_maps = $alias_maps
+
+{% if 'letsencrypt' in group_names %}
# TLS server parameters
smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt+chain
smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
# TLS server parameters
smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt+chain
smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
@@
-17,14
+22,16
@@
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048.pem
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_ciphers = low
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_ciphers = low
smtpd_tls_mandatory_ciphers = high
+{% endif %}
# TLS client parameters
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_ciphers = low
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
# TLS client parameters
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_ciphers = low
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
-{% if
not(postfix.relay_host is defined)
%}
-smtp_tls_security_level = dane
+{% if
'unbound' in group_names
%}
+# If there are TLSA records, enforce using encryption
smtp_dns_support_level = dnssec
smtp_dns_support_level = dnssec
+smtp_tls_security_level = dane
{% endif %}
{% if postfix.postscreen | default(False) %}
{% endif %}
{% if postfix.postscreen | default(False) %}
@@
-76,40
+83,49
@@
smtpd_sasl_path = private/auth
# allow relay for some TLS-authenticated clients
smtpd_tls_ask_ccert = yes
smtpd_tls_fingerprint_digest = sha1
# allow relay for some TLS-authenticated clients
smtpd_tls_ask_ccert = yes
smtpd_tls_fingerprint_digest = sha1
-relay_clientcerts = hash:$config_directory/
{{ postfix.relay_client_cert_whitelist }}
+relay_clientcerts = hash:$config_directory/
relay_clientcerts
{% endif %}
{% endif %}
-{% if postfix.virtual_mailbox_domains is defined %}
# setup virtual delivery domains, aliases and destinations
# setup virtual delivery domains, aliases and destinations
-virtual_mailbox_domains = {{ postfix.virtual_mailbox_domains }}
+virtual_mailbox_domains = {{ postfix.alias_domains | default("") }}
+{% if postfix.mailman is defined %} {% for item in postfix.mailman.domains %} {{item}}{% endfor %}{% endif %}
+{% if postfix.dovecot is defined %} {% for item in postfix.dovecot.domains %} {{item}}{% endfor %}{% endif %}
+
virtual_alias_maps = hash:$config_directory/virtual_alias_map
virtual_alias_maps = hash:$config_directory/virtual_alias_map
- {% if postfix.
vmail_mysql_password
is defined %}
+ {% if postfix.
dovecot
is defined %}
proxy:mysql:$config_directory/mysql_vmail_aliases.cf
{% endif %}
proxy:mysql:$config_directory/mysql_vmail_aliases.cf
{% endif %}
-#
+
virtual_mailbox_maps =
virtual_mailbox_maps =
- {% if postfix.
vmail_mysql_password
is defined %}
+ {% if postfix.
dovecot
is defined %}
proxy:mysql:$config_directory/mysql_vmail_users.cf
{% endif %}
{% if postfix.mailman | default(False) %}
hash:/var/lib/mailman/data/virtual-mailman
{% endif %}
proxy:mysql:$config_directory/mysql_vmail_users.cf
{% endif %}
{% if postfix.mailman | default(False) %}
hash:/var/lib/mailman/data/virtual-mailman
{% endif %}
-#
+
smtpd_sender_login_maps =
smtpd_sender_login_maps =
- {% if postfix.
vmail_mysql_password
is defined %}
+ {% if postfix.
dovecot
is defined %}
proxy:mysql:$config_directory/mysql_vmail_users.cf
proxy:mysql:$config_directory/mysql_vmail_senders.cf
proxy:mysql:$config_directory/mysql_vmail_aliases.cf
{% endif %}
proxy:mysql:$config_directory/mysql_vmail_users.cf
proxy:mysql:$config_directory/mysql_vmail_senders.cf
proxy:mysql:$config_directory/mysql_vmail_aliases.cf
{% endif %}
-#
+
proxy_read_maps = $virtual_alias_maps $virtual_mailbox_maps $smtpd_sender_login_maps
# setup mail routes for virtual mail: all mail ends up being forwarded somewhere
virtual_transport = error
proxy_read_maps = $virtual_alias_maps $virtual_mailbox_maps $smtpd_sender_login_maps
# setup mail routes for virtual mail: all mail ends up being forwarded somewhere
virtual_transport = error
-transport_maps = hash:/etc/postfix/transport_map
+transport_maps = hash:$config_directory/transport_map
+{% if postfix.mailman | default(False) %}
mailman_destination_recipient_limit = 1
{% endif %}
mailman_destination_recipient_limit = 1
{% endif %}
+{% if postfix.smtp_outgoing is defined %}
+# send mail via specific IP
+default_transport = {{ postfix.default_smtp_outgoing }}
+sender_dependent_default_transport_maps = hash:$config_directory/sender_transport_map
+{% endif %}
+
{% if postfix.opendkim is defined %}
# DKIM & Milter
milter_default_action = accept
{% if postfix.opendkim is defined %}
# DKIM & Milter
milter_default_action = accept
@@
-121,6
+137,6
@@
non_smtpd_milters = $smtpd_milters
# misc
smtpd_delay_reject = yes
disable_vrfy_command = yes
# misc
smtpd_delay_reject = yes
disable_vrfy_command = yes
-recipient_delimiter =
+
+recipient_delimiter =
{{ postfix.recipient_delimiter | default("+") }}
delay_warning_time = 4h
message_size_limit = 21384000
delay_warning_time = 4h
message_size_limit = 21384000