authorGuilhem Moulin <guilhem@fripost.org>2013-12-02 22:43:44 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:09 +0200
commit9ff98e18e5dd6967bce1457cff1884ec632cf2b5 (patch)
tree99adb4054b83f975dec12753d8d76a80d3c1d64a
parentc7080c68fb4594f01a2edc98a2014c109a5afe16 (diff)
Configure the Mail Delivery Agent.
l---------roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf1
l---------roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf1
-rw-r--r--roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf8
-rw-r--r--roles/IMAP/handlers/main.yml6
-rw-r--r--roles/IMAP/tasks/main.yml1
-rw-r--r--roles/IMAP/tasks/mda.yml36
-rw-r--r--roles/IMAP/templates/etc/postfix/main.cf.j260
-rw-r--r--roles/common/files/etc/postfix/master.cf7
-rw-r--r--roles/mx/templates/etc/postfix/main.cf.j210
9 files changed, 124 insertions, 6 deletions
diff --git a/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf b/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf
new file mode 120000
index 0000000..7e8c163
--- /dev/null
+++ b/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf
@@ -0,0 +1 @@
+../../../../../mx/files/etc/postfix/virtual/mailbox_domains.cf
\ No newline at end of file
diff --git a/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf b/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf
new file mode 120000
index 0000000..763b30e
--- /dev/null
+++ b/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf
@@ -0,0 +1 @@
+../../../../../mx/files/etc/postfix/virtual/mailbox_maps.cf
\ No newline at end of file
diff --git a/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf
new file mode 100644
index 0000000..6ea944f
--- /dev/null
+++ b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf
@@ -0,0 +1,8 @@
+server_host = ldapi://%2Fprivate%2Fldapi/
+version = 3
+search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
+scope = base
+bind = none
+query_filter = (&(ObjectClass=AmavisAccount)(fvl=%u))
+result_attribute = fvl
+result_format = amavisfeed:unix:public/amavisfeed-contentfilter
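Review bot: `bind = none` makes this lookup run without any bind on the ldapi socket, so the directory ACLs presumably have to let an unauthenticated client read `fvl` and `objectClass` under `ou=virtual`. If the Postfix build and slapd support it, `bind = sasl` with `sasl_mechs = EXTERNAL` would let slapd authorise the lookup by the peer identity of the Postfix process instead of exposing those attributes to anything that can open the socket. The file also has no header comment; something like `# Route recipients that have an AmavisAccount entry to the amavisfeed content filter` would tell the next reader why this table is wired into `mailbox_transport_maps`.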
diff --git a/roles/IMAP/handlers/main.yml b/roles/IMAP/handlers/main.yml
index 45f817d..2e54251 100644
--- a/roles/IMAP/handlers/main.yml
+++ b/roles/IMAP/handlers/main.yml
@@ -1,3 +1,9 @@
---
- name: Restart Dovecot
service: name=dovecot state=restarted
+
+- name: Restart Postfix
+ service: name=postfix state=restarted
+
+- name: Reload Postfix
+ service: name=postfix state=reloaded
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml
index d71573e..df21dd2 100644
--- a/roles/IMAP/tasks/main.yml
+++ b/roles/IMAP/tasks/main.yml
@@ -1,2 +1,3 @@
---
- include: imap.yml tags=imap,dovecot
+- include: mda.yml tags=mda,mail,postfix
diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml
new file mode 100644
index 0000000..39938fd
--- /dev/null
+++ b/roles/IMAP/tasks/mda.yml
@@ -0,0 +1,36 @@
+- name: Install Postfix
+ apt: pkg={{ item }}
+ with_items:
+ - postfix
+ - postfix-ldap
+
+- name: Configure Postfix
+ template: src=etc/postfix/main.cf.j2
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
+ owner=root group=root
+ mode=0644
+ register: r
+ notify:
+ - Restart Postfix
+
+- name: Create directory /etc/postfix-.../virtual
+ file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
+ owner=root group=root
+ state=directory
+ mode=0755
+
+- name: Copy lookups tables
+ copy: src=etc/postfix/virtual/{{ item }}
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ - mailbox_domains.cf
+ - mailbox_maps.cf
+ - transport_content_filter_maps.cf
+
+- name: Start Postfix
+ service: name=postfix state=started
+ when: not r.changed
+
+- meta: flush_handlers
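Review bot: The `Copy lookups tables` task has no `notify`, so an edited LDAP table definition only takes effect once the Postfix processes happen to recycle. The `Reload Postfix` handler added in this commit is not referenced by any task visible here. Adding `notify:` / `- Reload Postfix` to that task would apply the change in the same run. Separately, `service: name=postfix state=restarted` targets the `postfix` service as a whole rather than `postfix-{{ postfix_instance[inst].name }}`, which presumably bounces every instance on the host; a comment saying that this is intended would help.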
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
new file mode 100644
index 0000000..1fb2fcc
--- /dev/null
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -0,0 +1,60 @@
+########################################################################
+# MDA configuration
+#
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+readme_directory = no
+mail_owner = postfix
+
+delay_warning_time = 4h
+maximal_queue_lifetime = 5d
+
+myorigin = /etc/mailname
+myhostname = mda{{ imapno | default('') }}.$mydomain
+mydomain = {{ ansible_domain }}
+append_dot_mydomain = no
+
+# Turn off all TCP/IP listener ports except that necessary for the MDA.
+master_service_disable = !2526.inet inet
+
+queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }}
+data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }}
+multi_instance_group = {{ postfix_instance[inst].group | default('') }}
+multi_instance_name = postfix-{{ postfix_instance[inst].name }}
+multi_instance_enable = yes
+
+# This server is a Mail Delivery Agent
+mynetworks_style = host
+inet_interfaces = 172.16.0.1
+{% if 'MX' in group_names %}
+ 127.0.0.1
+{% endif %}
+inet_protocols = ipv4
+
+# No local delivery
+mydestination =
+local_transport = error:5.1.1 Mailbox unavailable
+alias_maps =
+alias_database =
+local_recipient_maps =
+
+message_size_limit = 67108864
+recipient_delimiter = +
+
+# No relay: this server is inbound-only
+relay_transport = error:5.1.1 Relay unavailable
+default_transport = error:5.1.1 Transport unavailable
+
+# Virtual transport (the alias resolution is already done by the MX:es)
+virtual_transport = lmtp:unix:private/dovecot-lmtpd
+virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
+virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox_maps.cf
+mailbox_transport_maps = ldap:$config_directory/virtual/transport_content_filter_maps.cf
+
+# Don't rewrite remote headers
+local_header_rewrite_clients =
+# Tolerate occasional high latency
+smtpd_timeout = 1200s
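Review bot: Nothing in this template restricts which clients may talk to the 2526 listener on 172.16.0.1. With `mynetworks_style = host` and no `smtpd_*_restrictions` set, the built-in defaults decide, so any host that can reach that address can presumably submit mail for a virtual mailbox without passing through the MX checks. If that network is not already confined to the MX:es by a firewall or tunnel, an explicit allow-list would close the gap, e.g. `mynetworks = 127.0.0.0/8 <MX-ADDRESSES>` together with `smtpd_client_restrictions = permit_mynetworks, reject`. The hard-coded `inet_interfaces = 172.16.0.1` would also be easier to audit as a variable with a comment naming the network it belongs to.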
diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf
index b8bc458..fa8fed9 100644
--- a/roles/common/files/etc/postfix/master.cf
+++ b/roles/common/files/etc/postfix/master.cf
@@ -9,6 +9,8 @@
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
+16132 inet n - - - - smtpd
+2526 inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
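Review bot: The `16132` and `2526` smtpd listeners now sit in the master.cf shared by every role, so whether a host actually opens them depends entirely on each instance's `master_service_disable`. The MDA template in this commit sets `!2526.inet inet`, but the other instances' settings are not visible here. A comment line above each entry stating which instance owns it, e.g. `# 2526: MDA instance, inbound from the MX:es only`, would make a missed exclusion easier to spot in review.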
@@ -33,6 +35,9 @@ virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
-16132 inet n - - - - smtpd
reserved-alias unix - n n - - pipe
flags=Rhu user=mail argv=/usr/local/sbin/reserved-alias.pl ${original_recipient} @fripost.org
+amavisfeed unix - - n - 2 lmtp
+ -o lmtp_destination_recipient_limit=1000
+ -o lmtp_send_xforward_command=yes
+ -o lmtp_data_done_timeout=1200s
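Review bot: The `amavisfeed` entry caps the lmtp client at 2 processes, and that number has to stay in step with the content filter's own worker count; nothing here records that coupling. Consider a comment line above the entry such as `# maxproc must not exceed amavisd's $max_servers`. The `lmtp_data_done_timeout=1200s` override matches the `smtpd_timeout = 1200s` set in the MDA main.cf template, which is worth stating as well so the two values are changed together.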
diff --git a/roles/mx/templates/etc/postfix/main.cf.j2 b/roles/mx/templates/etc/postfix/main.cf.j2
index 8c1da35..a9ce8c4 100644
--- a/roles/mx/templates/etc/postfix/main.cf.j2
+++ b/roles/mx/templates/etc/postfix/main.cf.j2
@@ -9,8 +9,8 @@ biff = no
readme_directory = no
mail_owner = postfix
-delay_warning_time = 4h
-maximal_queue_lifetime = 5d
+delay_warning_time = 4h
+maximal_queue_lifetime = 5d
myorigin = /etc/mailname
myhostname = mx{{ mxno | default('') }}.$mydomain
@@ -96,9 +96,9 @@ tls_random_source = dev:/dev/urandom
# http://en.linuxreviews.org/HOWTO_Stop_spam_using_Postfix
# http://www.howtoforge.com/block_spam_at_mta_level_postfix
-strict_rfc821_envelopes = yes
-smtpd_delay_reject = yes
-disable_vrfy_command = yes
+strict_rfc821_envelopes = yes
+smtpd_delay_reject = yes
+disable_vrfy_command = yes
# UCE control
invalid_hostname_reject_code = 554