X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/0aacb9f875a40b18dfbbc01b705b5337bf872368..a0ef97a3169e9da8b4618116075d54c49b4292b4:/roles/postfix/templates/main.cf
diff --git a/roles/postfix/templates/main.cf b/roles/postfix/templates/main.cf
deleted file mode 100644
index 4488ec4..0000000
--- a/roles/postfix/templates/main.cf
+++ /dev/null
@@ -1,126 +0,0 @@
-compatibility_level = 2
-
-# local delivery: aliases only
-alias_maps = hash:/etc/aliases
-local_recipient_maps = $alias_maps
-{% if postfix.mynetworks is defined %}
-mynetworks = {{ postfix.mynetworks }}
-{% endif %}
-
-# TLS server parameters
-smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt+chain
-smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtpd_tls_security_level = may
-smtpd_tls_loglevel = 1
-smtpd_tls_dh1024_param_file = /etc/ssl/dh2048.pem
-smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
-smtpd_tls_ciphers = low
-smtpd_tls_mandatory_ciphers = high
-# TLS client parameters
-smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
-smtp_tls_ciphers = low
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtp_tls_loglevel = 1
-{% if not(postfix.relay_host is defined) %}
-smtp_tls_security_level = dane
-smtp_dns_support_level = dnssec
-{% endif %}
-
-{% if postfix.postscreen | default(False) %}
-# postscreen config
-postscreen_dnsbl_threshold = 3
-postscreen_dnsbl_whitelist_threshold = -2
-postscreen_dnsbl_sites =
- ix.dnsbl.manitu.net*2 sbl-xbl.spamhaus.org*2
- bl.spamcop.net dnsbl.sorbs.net bl.mailspike.net
- swl.spamhaus.org*-2 list.dnswl.org=127.0.[0..255].[0..254]*-2
-postscreen_greet_action = enforce
-postscreen_dnsbl_action = enforce
-postscreen_pipelining_enable = yes
-postscreen_non_smtp_command_enable = yes
-postscreen_bare_newline_enable = yes
-{% endif %}
-
-# control relay access
-smtpd_relay_restrictions = permit_mynetworks, permit_tls_clientcerts,
- # allow nobody else
- defer_unauth_destination
-# spam-protection restrictions
-smtpd_helo_required = yes
-smtpd_recipient_restrictions = permit_mynetworks, permit_tls_clientcerts,
- # check everybody else
- reject_unauth_pipelining,
- reject_invalid_helo_hostname,
- reject_non_fqdn_recipient,
- reject_non_fqdn_sender,
-
-{% if postfix.relay_host is defined %}
-# Relay everything
-default_transport = smtp:{{ postfix.relay_host }}
-{% if postfix.relay_client_cert is defined %}
-# Enforce relay encryption
-smtp_tls_cert_file=$config_directory/{{ postfix.relay_client_cert }}.crt
-smtp_tls_key_file=$config_directory/{{ postfix.relay_client_cert }}.key
-smtp_tls_security_level = encrypt
-{% endif %}
-{% endif %}
-
-{% if postfix.submission | default(False) %}
-# configure SASL
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-{% endif %}
-
-{% if postfix.relay_client_cert_whitelist is defined %}
-# allow relay for some TLS-authenticated clients
-smtpd_tls_ask_ccert = yes
-smtpd_tls_fingerprint_digest = sha1
-relay_clientcerts = hash:$config_directory/{{ postfix.relay_client_cert_whitelist }}
-{% endif %}
-
-{% if postfix.virtual_mailbox_domains is defined %}
-# setup virtual delivery domains, aliases and destinations
-virtual_mailbox_domains = {{ postfix.virtual_mailbox_domains }}
-virtual_alias_maps = hash:$config_directory/virtual_alias_map
- {% if postfix.vmail_mysql_password is defined %}
- proxy:mysql:$config_directory/mysql_vmail_aliases.cf
- {% endif %}
-#
-virtual_mailbox_maps =
- {% if postfix.vmail_mysql_password is defined %}
- proxy:mysql:$config_directory/mysql_vmail_users.cf
- {% endif %}
- {% if postfix.mailman | default(False) %}
- hash:/var/lib/mailman/data/virtual-mailman
- {% endif %}
-#
-smtpd_sender_login_maps =
- {% if postfix.vmail_mysql_password is defined %}
- proxy:mysql:$config_directory/mysql_vmail_users.cf
- proxy:mysql:$config_directory/mysql_vmail_senders.cf
- proxy:mysql:$config_directory/mysql_vmail_aliases.cf
- {% endif %}
-#
-proxy_read_maps = $virtual_alias_maps $virtual_mailbox_maps $smtpd_sender_login_maps
-
-# setup mail routes for virtual mail: all mail ends up being forwarded somewhere
-virtual_transport = error
-transport_maps = hash:/etc/postfix/transport_map
-mailman_destination_recipient_limit = 1
-{% endif %}
-
-{% if postfix.opendkim is defined %}
-# DKIM & Milter
-milter_default_action = accept
-# Path must match opendkim.env
-smtpd_milters = unix:opendkim/sock
-non_smtpd_milters = $smtpd_milters
-{% endif %}
-
-# misc
-smtpd_delay_reject = yes
-disable_vrfy_command = yes
-recipient_delimiter = +
-delay_warning_time = 4h
-message_size_limit = 21384000