authorGuilhem Moulin <guilhem@fripost.org>2013-11-24 03:53:39 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:50:47 +0200
commit6be613d07ddc6d0b1e4b73f93c0fa1c0b1f7ba10 (patch)
tree798df25c6a7c0a9c1e8b01116f454f5d74c94a10 /roles/common/templates/etc
parent099678c6b4fd176d3232984e634d6311f7c83494 (diff)
Postfix master (nullmailer) configuration
We use a dedicated instance for each role: MDA, MTA out, MX, etc.
Diffstat (limited to 'roles/common/templates/etc')
-rw-r--r--roles/common/templates/etc/postfix/main.cf.j257
1 files changed, 57 insertions, 0 deletions
diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
new file mode 100644
index 0000000..3169ac6
--- /dev/null
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -0,0 +1,57 @@
+########################################################################
+# Nullmailer configuration
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+readme_directory = no
+
+myorigin = /etc/mailname
+myhostname = {{ ansible_fqdn }}
+mydomain = {{ ansible_domain }}
+append_dot_mydomain = no
+
+# This server is for internal use only
+mynetworks_style = host
+inet_interfaces = loopback-only
+inet_protocols = ipv4
+# Tunnel everything through IPSec
+smtp_bind_address = 172.16.0.1
+
+# No local delivery
+mydestination =
+local_transport = error:5.1.1 Mailbox unavailable
+alias_maps =
+local_recipient_maps =
+
+# All aliases are virtual
+default_database_type = cdb
+virtual_alias_maps = cdb:/etc/aliases
+alias_database = $virtual_alias_maps
+
+# Transform local FQDN addresses to addresses routable on the internet
+smtp_generic_maps = pcre:$config_directory/generic.pcre
+
+# Forward everything to our internal mailhub
+{% if 'MTA-out' in group_names %}
+relayhost = [127.0.0.1]:2525
+{% else %}
+relayhost = [outgoing.fripost.org]:2525
+{% endif %}
+
+# This server is for internal use only; external connections are
+# protected by IPSec already
+smtpd_tls_security_level = none
+smtp_tls_security_level = none
+
+{% set multi_instance = False %}
+{%- for g in postfix_instance.keys() | sort -%}
+ {%- if g in group_names -%}
+ {%- if not multi_instance -%}
+ {%- set multi_instance = True -%}
+## Other postfix instances
+multi_instance_wrapper = $command_directory/postmulti -p --
+multi_instance_enable = yes
+multi_instance_directories =
+ {%- endif %} /etc/postfix-{{ postfix_instance[g].name }}
+ {%- endif %}
+{% endfor %}
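Review bot: With `smtp_tls_security_level = none`, the relay hop to `[outgoing.fripost.org]:2525` has no protection of its own, so confidentiality and peer authentication rest entirely on an IPsec policy that this template neither shows nor enforces. Binding to `smtp_bind_address = 172.16.0.1` presumably makes delivery fail when the tunnel address is missing, but whether mail can leave in the clear while the security association is down depends on routing and firewall rules outside this file. Consider `smtp_tls_security_level = encrypt` in the non-loopback `relayhost` branch as a second layer (the mailhub would then need TLS enabled on port 2525). Otherwise, extend the comment to state the dependency, e.g. `# TLS disabled on purpose: the IPsec policy for the tunnel subnet must fail closed`. The bind address is also hard-coded in a template shared by every host, so a per-host variable may be safer if the tunnel address is not the same everywhere.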