diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-11 21:13:19 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-12 13:46:44 +0100 |
| commit | a0d439f832721ab1b4bdcf9ab844ee20d4dc1682 (patch) | |
| tree | 64b56a401e9a92622fb7bf734453882ca4f9d6a4 /roles/MSA/tasks | |
| parent | 7beb915bb8dddac847ca3aca85c187e314a6c0fa (diff) | |
submission: Prospective SPF checking.
Cf. http://www.openspf.org/Best_Practices/Outbound .
Diffstat (limited to 'roles/MSA/tasks')
| -rw-r--r-- | roles/MSA/tasks/main.yml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml index 65d1dae..c78139a 100644 --- a/roles/MSA/tasks/main.yml +++ b/roles/MSA/tasks/main.yml @@ -1,26 +1,27 @@ - name: Install Postfix apt: pkg={{ packages }} vars: packages: - postfix - postfix-pcre + - postfix-policyd-spf-python - name: Copy Postfix sender login socketmap copy: src=usr/local/bin/postfix-sender-login.pl dest=/usr/local/bin/postfix-sender-login.pl owner=root group=staff mode=0755 - name: Copy Postfix sender login socketmap systemd unit files copy: src=etc/systemd/system/{{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 with_items: - postfix-sender-login.service - postfix-sender-login.socket notify: - systemctl daemon-reload - meta: flush_handlers @@ -42,40 +43,49 @@ # no need to reload upon change, as cleanup(8) is short-running copy: src=etc/postfix/anonymize_sender.pcre dest=/etc/postfix-{{ postfix_instance[inst].name }}/anonymize_sender.pcre owner=root group=root mode=0644 - name: Copy the check_sender_access map copy: src=etc/postfix/check_sender_access dest=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access owner=root group=root mode=0644 - name: Compile the check_sender_access map # no need to reload upon change, as cleanup(8) is short-running postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=lmdb owner=root group=root mode=0644 notify: - Reload Postfix +- name: Configure policyd-spf + template: src=etc/postfix-policyd-spf-python/policyd-spf.conf.j2 + dest=/etc/postfix-policyd-spf-python/policyd-spf.conf + owner=root group=root + mode=0644 + # Reload Postifx to terminate spawn(8) daemon children + notify: + - Reload Postfix + - name: Create directory /etc/postfix/ssl file: path=/etc/postfix-{{ postfix_instance[inst].name }}/ssl state=directory owner=root group=root mode=0755 tags: - genkey - meta: flush_handlers - name: Start Postfix service: name=postfix state=started - name: Fetch Postfix's X.509 certificate # Ensure we don't fetch private data become: False # `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file` fetch_cmd: cmd="openssl x509 -noout -pubkey" stdin=/etc/postfix-{{ postfix_instance[inst].name }}/ssl/smtp.fripost.org.pem dest=certs/public/smtp.fripost.org.pub |