summaryrefslogtreecommitdiffstats
path: root/roles/mx
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-12-02 23:46:01 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:11 +0200
commitc79f18ff9a04a7534dba3c288bc9606f17786b16 (patch)
tree2e0f1d72ad481804dd5f9dff680737fe5df12f21 /roles/mx
parent1a50ad8f85ae7b42d7749b43d8f01adb663114ff (diff)
Rename the role 'mx' into 'MX'.
Other abreviations are upper case.
Diffstat (limited to 'roles/mx')
-rw-r--r--roles/mx/files/etc/postfix/virtual/alias_catchall_maps.cf7
-rw-r--r--roles/mx/files/etc/postfix/virtual/alias_maps.cf6
-rw-r--r--roles/mx/files/etc/postfix/virtual/lists_maps.cf7
-rw-r--r--roles/mx/files/etc/postfix/virtual/mailbox_domains.cf8
-rw-r--r--roles/mx/files/etc/postfix/virtual/mailbox_maps.cf8
-rw-r--r--roles/mx/files/etc/postfix/virtual/reserved_maps.pcre5
-rw-r--r--roles/mx/files/etc/postfix/virtual/reserved_transport_maps2
-rw-r--r--roles/mx/files/etc/postfix/virtual/transport_lists_maps.cf11
-rwxr-xr-xroles/mx/files/usr/local/sbin/reserved-alias.pl110
-rw-r--r--roles/mx/handlers/main.yml9
-rw-r--r--roles/mx/tasks/main.yml74
-rw-r--r--roles/mx/templates/etc/postfix/main.cf.j2142
12 files changed, 0 insertions, 389 deletions
diff --git a/roles/mx/files/etc/postfix/virtual/alias_catchall_maps.cf b/roles/mx/files/etc/postfix/virtual/alias_catchall_maps.cf
deleted file mode 100644
index c405f47..0000000
--- a/roles/mx/files/etc/postfix/virtual/alias_catchall_maps.cf
+++ /dev/null
@@ -1,7 +0,0 @@
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
-scope = base
-bind = none
-query_filter = (&(ObjectClass=FripostVirtualDomain)(fvd=%d)(fripostOptionalMaildrop=*))
-result_attribute = fripostOptionalMaildrop
diff --git a/roles/mx/files/etc/postfix/virtual/alias_maps.cf b/roles/mx/files/etc/postfix/virtual/alias_maps.cf
deleted file mode 100644
index 9265d0b..0000000
--- a/roles/mx/files/etc/postfix/virtual/alias_maps.cf
+++ /dev/null
@@ -1,6 +0,0 @@
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
-scope = base
-query_filter = (&(ObjectClass=FripostVirtualAlias)(fvl=%u))
-result_attribute = fripostMaildrop
diff --git a/roles/mx/files/etc/postfix/virtual/lists_maps.cf b/roles/mx/files/etc/postfix/virtual/lists_maps.cf
deleted file mode 100644
index b60dcf6..0000000
--- a/roles/mx/files/etc/postfix/virtual/lists_maps.cf
+++ /dev/null
@@ -1,7 +0,0 @@
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
-scope = base
-bind = none
-query_filter = (&(|(ObjectClass=FripostVirtualList)(ObjectClass=FripostVirtualListCommand))(fvl=%u)(fripostLocalAlias=%u#%d))
-result_attribute = fripostLocalAlias
diff --git a/roles/mx/files/etc/postfix/virtual/mailbox_domains.cf b/roles/mx/files/etc/postfix/virtual/mailbox_domains.cf
deleted file mode 100644
index 22d6be3..0000000
--- a/roles/mx/files/etc/postfix/virtual/mailbox_domains.cf
+++ /dev/null
@@ -1,8 +0,0 @@
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = fvd=%s,ou=virtual,o=mailHosting,dc=fripost,dc=org
-scope = base
-bind = none
-query_filter = (&(ObjectClass=FripostVirtualDomain)(fvd=%s))
-result_attribute = fvd
-result_format = OK
diff --git a/roles/mx/files/etc/postfix/virtual/mailbox_maps.cf b/roles/mx/files/etc/postfix/virtual/mailbox_maps.cf
deleted file mode 100644
index dc97177..0000000
--- a/roles/mx/files/etc/postfix/virtual/mailbox_maps.cf
+++ /dev/null
@@ -1,8 +0,0 @@
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org
-scope = base
-bind = none
-query_filter = (&(ObjectClass=FripostVirtualUser)(fvl=%u))
-result_attribute = fvl
-result_format = OK
diff --git a/roles/mx/files/etc/postfix/virtual/reserved_maps.pcre b/roles/mx/files/etc/postfix/virtual/reserved_maps.pcre
deleted file mode 100644
index 58572d1..0000000
--- a/roles/mx/files/etc/postfix/virtual/reserved_maps.pcre
+++ /dev/null
@@ -1,5 +0,0 @@
-# These reserved aliases will always be redirected to us and the domain
-# owner.
-# TODO: check 'postmaster+test@fripost.org'
-/^(?:postmaster|abuse)(?:\+.*)?@fripost\.org$/ admin@fripost.org
-/^((?:postmaster|abuse)(?:\+.*)?)@/ $1
diff --git a/roles/mx/files/etc/postfix/virtual/reserved_transport_maps b/roles/mx/files/etc/postfix/virtual/reserved_transport_maps
deleted file mode 100644
index dce8710..0000000
--- a/roles/mx/files/etc/postfix/virtual/reserved_transport_maps
+++ /dev/null
@@ -1,2 +0,0 @@
-abuse reserved-alias:
-postmaster reserved-alias:
diff --git a/roles/mx/files/etc/postfix/virtual/transport_lists_maps.cf b/roles/mx/files/etc/postfix/virtual/transport_lists_maps.cf
deleted file mode 100644
index 9a7bca0..0000000
--- a/roles/mx/files/etc/postfix/virtual/transport_lists_maps.cf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Despite the index on 'fripostLocalAlias' it's a bit more inefficient,
-# but more precise, than the alternative of using regexes here, and a
-# plain hash on the list managers' side.
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = ou=virtual,o=mailHosting,dc=fripost,dc=org
-scope = sub
-bind = none
-query_filter = (&(|(ObjectClass=FripostVirtualList)(ObjectClass=FripostVirtualListCommand))(fripostLocalAlias=%s))
-result_attribute = fripostLocalAlias
-result_format = smtp:[127.0.0.1]:2345
diff --git a/roles/mx/files/usr/local/sbin/reserved-alias.pl b/roles/mx/files/usr/local/sbin/reserved-alias.pl
deleted file mode 100755
index c122c6d..0000000
--- a/roles/mx/files/usr/local/sbin/reserved-alias.pl
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/usr/bin/perl
-
-# Copyright © 2013 Guilhem Moulin <guilhem@fripost.org>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-use warnings;
-use strict;
-use Net::LDAPI;
-use Net::LDAP::Util qw/escape_filter_value ldap_explode_dn escape_dn_value/;
-use Authen::SASL;
-
-if (!@ARGV or grep { $_ eq '-h' or $_ eq '--help' } @ARGV) {
- # Help
- print STDERR "Usage: $0 [original recipient] [additional recipient ...]\n";
- print STDERR "\n";
- print STDERR "The message read from the standard input is redirected to 'additional recipient',\n";
- print STDERR "and also forwarded to the domain owner if any. If the 'additional recipient' begins\n";
- print STDERR "with '\@', the localpart of 'original recipient' is prepended.\n";
- print STDERR "\n";
- print STDERR "This is mostly useful to comply to RFC 822 section 6.3 and RFC 2142 section\n";
- print STDERR "4 (to forward mails to 'admin\@' and 'postmaster\@' to the site admin in\n";
- print STDERR "addition to the virtual domain manager).\n";
- exit;
-}
-
-# The original recipient
-my $orig = shift;
-$orig =~ /^([^@]+)\@(.+)$/
- or warn "Non fully qualified: $orig";
-my ($local,$domain) = ($1,$2);
-
-# The new recipient (typically, the admin site)
-my @recipients = grep { $_ and $orig ne $_ }
- # add localparts to domain
- map { my $x = $_;
- if ($x =~ /^\@/) {
- if ($local) {
- $x = $local.$x;
- }
- else {
- undef $x;
- }
- }
- $x
- }
- @ARGV;
-# Die if we can't deliver to site admins
-die "Error: Aborted delivery to '$orig' in attempt to break an alias expansion loop.\n"
- unless @recipients;
-
-my @sendmail = ('/usr/sbin/sendmail', '-i', '-bm');
-
-if (defined $domain) {
- # Look for the domain owner/postmaster
- my $ldap = Net::LDAPI->new();
- $ldap->bind( sasl => Authen::SASL->new(mechanism => 'EXTERNAL') )
- or die "Couldn't bind";
-
- my @attrs = ( 'fripostPostmaster', 'fripostOwner' );
- my $mesg = $ldap->search( base => 'fvd='.escape_dn_value($domain).','
- .'ou=virtual,o=mailHosting,dc=fripost,dc=org'
- , scope => 'base'
- , deref => 'never'
- , filter => '(&(objectClass=FripostVirtualDomain)'
- .'(fvd='.escape_filter_value($domain).')'.
- ')'
- , attrs => \@attrs
- );
- if ($mesg->code) {
- warn $mesg->error;
- }
- elsif ($mesg->count != 1) {
- # Note: this may happen for "$mydestination", but these mails
- # are unlikely. We'll get a harmless warning at worst.
- warn "Something weird happened when looking up domain '".$domain.
- "'. Check your ACL.";
- }
- else {
- my $entry = $mesg->pop_entry() // die "Cannot pop entry.";
- foreach (@attrs) {
- my $v = $entry->get_value($_, asref => 1) or next;
- foreach my $dn (@$v) {
- my $dn2 = ldap_explode_dn($dn, casefold => 'lower');
- my $l = $dn2->[0]->{fvl};
- my $d = $dn2->[1]->{fvd};
- if ($l and $d) {
- push @recipients, $l.'@'.$d;
- }
- else {
- warn "Invalid DN: $dn"
- }
- }
- }
- }
- $ldap->unbind;
-}
-
-exec (@sendmail, @recipients);
diff --git a/roles/mx/handlers/main.yml b/roles/mx/handlers/main.yml
deleted file mode 100644
index 21c736a..0000000
--- a/roles/mx/handlers/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Restart Postgrey
- service: name=postgrey state=restarted
-
-- name: Restart Postfix
- service: name=postfix state=restarted
-
-- name: Reload Postfix
- service: name=postfix state=reloaded
diff --git a/roles/mx/tasks/main.yml b/roles/mx/tasks/main.yml
deleted file mode 100644
index e2da61e..0000000
--- a/roles/mx/tasks/main.yml
+++ /dev/null
@@ -1,74 +0,0 @@
-- name: Install Postfix & Postgrey
- apt: pkg={{ item }}
- with_items:
- - postfix
- - postfix-pcre
- - postfix-ldap
- - postfix-cdb
- - postgrey
- - libnet-ldap-perl
- - libauthen-sasl-perl
-
-- name: Configure Postgrey
- lineinfile: dest=/etc/default/postgrey
- regexp='^POSTGREY_OPTS='
- line='POSTGREY_OPTS="--privacy --unix=/var/spool/postfix-{{ postfix_instance[inst].name }}/private/postgrey"'
- owner=root group=root
- mode=0644
- register: r
- notify:
- - Restart Postgrey
-
-- name: Start Postgrey
- service: name=postgrey state=started
- when: not r.changed
-
-- meta: flush_handlers
-
-- name: Configure Postfix
- template: src=etc/postfix/main.cf.j2
- dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
- owner=root group=root
- mode=0644
- register: r
- notify:
- - Restart Postfix
-
-- name: Create directory /etc/postfix-.../virtual
- file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
- owner=root group=root
- state=directory
- mode=0755
-
-- name: Copy lookups tables
- copy: src=etc/postfix/virtual/{{ item }}
- dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
- owner=root group=root
- mode=0644
- with_items:
- - mailbox_domains.cf
- - reserved_maps.pcre
- - alias_maps.cf
- - lists_maps.cf
- - alias_catchall_maps.cf
- - mailbox_maps.cf
- - reserved_transport_maps
- - transport_lists_maps.cf
-
-- name: Compile the Reserved Transport Maps
- postmap: cmd=postalias instance={{ postfix_instance[inst].name }}
- src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/reserved_transport_maps db=cdb
- owner=root group=root
- mode=0644
-
-- name: Copy reserved-alias.pl
- copy: src=usr/local/sbin/reserved-alias.pl
- dest=/usr/local/sbin/reserved-alias.pl
- owner=root group=root
- mode=0755
-
-- name: Start Postfix
- service: name=postfix state=started
- when: not r.changed
-
-- meta: flush_handlers
diff --git a/roles/mx/templates/etc/postfix/main.cf.j2 b/roles/mx/templates/etc/postfix/main.cf.j2
deleted file mode 100644
index 0aa91b3..0000000
--- a/roles/mx/templates/etc/postfix/main.cf.j2
+++ /dev/null
@@ -1,142 +0,0 @@
-########################################################################
-# MX configuration
-#
-# {{ ansible_managed }}
-# Do NOT edit this file directly!
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-readme_directory = no
-mail_owner = postfix
-
-delay_warning_time = 4h
-maximal_queue_lifetime = 5d
-
-myorigin = /etc/mailname
-myhostname = mx{{ mxno | default('') }}.$mydomain
-mydomain = {{ ansible_domain }}
-append_dot_mydomain = no
-
-# Turn off all TCP/IP listener ports except that necessary for the mail
-# exchange.
-master_service_disable = !smtp.inet inet
-
-queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }}
-data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }}
-multi_instance_group = {{ postfix_instance[inst].group | default('') }}
-multi_instance_name = postfix-{{ postfix_instance[inst].name }}
-multi_instance_enable = yes
-
-# This server is a Mail eXchange
-mynetworks_style = host
-inet_interfaces = all
-inet_protocols = all
-
-# No local delivery
-mydestination =
-local_transport = error:5.1.1 Mailbox unavailable
-alias_maps =
-alias_database =
-local_recipient_maps =
-
-message_size_limit = 67108864
-recipient_delimiter = +
-
-# Forward everything to our internal mailhub
-{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ MTA_out.port }}
-{% else %}
-relayhost = [{{ MTA_out.IPv4 }}]:{{ MTA_out.port }}
-{% endif %}
-relay_domains =
-
-# Virtual transport
-{% if 'LDA' in group_names %}
-virtual_transport = smtp:[127.0.0.1]:{{ LDA.port }}
-{% else %}
-virtual_transport = smtp:[{{ LDA.IPv4 }}]:{{ LDA.port }}
-{% endif %}
-
-virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
-virtual_alias_maps = pcre:$config_directory/virtual/reserved_maps.pcre
- ldap:$config_directory/virtual/alias_maps.cf
- ldap:$config_directory/virtual/lists_maps.cf
- ldap:$config_directory/virtual/alias_catchall_maps.cf
-virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox_maps.cf
-mailbox_transport_maps = cdb:$config_directory/virtual/reserved_transport_maps
- ldap:$config_directory/virtual/transport_lists_maps.cf
-
-# Don't rewrite remote headers
-local_header_rewrite_clients =
-# Pass the client information along to the content filter
-smtp_send_xforward_command = yes
-# Avoid splitting the envelope and scanning messages multiple times
-smtp_destination_recipient_limit = 1000
-# Tolerate occasional high latency
-smtp_data_done_timeout = 1200s
-
-# Tunnel everything through IPSec
-smtp_tls_security_level = none
-smtp_bind_address = 172.16.0.1
-
-# TLS
-smtpd_tls_security_level = may
-smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_tls_CApath = /etc/ssl/certs/
-smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
-smtpd_tls_received_header = yes
-smtpd_tls_ask_ccert = yes
-smtpd_tls_fingerprint_digest = sha1
-smtpd_tls_eecdh_grade = strong
-tls_random_source = dev:/dev/urandom
-
-
-# http://en.linuxreviews.org/HOWTO_Stop_spam_using_Postfix
-# http://www.howtoforge.com/block_spam_at_mta_level_postfix
-
-strict_rfc821_envelopes = yes
-smtpd_delay_reject = yes
-disable_vrfy_command = yes
-
-# UCE control
-invalid_hostname_reject_code = 554
-multi_recipient_bounce_reject_code = 554
-non_fqdn_reject_code = 554
-relay_domains_reject_code = 554
-unknown_address_reject_code = 554
-unknown_client_reject_code = 554
-unknown_hostname_reject_code = 554
-unknown_local_recipient_reject_code = 554
-unknown_relay_recipient_reject_code = 554
-unknown_virtual_alias_reject_code = 554
-unknown_virtual_mailbox_reject_code = 554
-unverified_recipient_reject_code = 554
-unverified_sender_reject_code = 554
-
-
-smtpd_client_restrictions =
- permit_mynetworks
- reject_rbl_client zen.spamhaus.org
- reject_rbl_client bl.spamcop.net
-
-smtpd_helo_required = yes
-smtpd_helo_restrictions =
- permit_mynetworks
- reject_non_fqdn_helo_hostname
- reject_invalid_helo_hostname
-
-smtpd_sender_restrictions =
- reject_non_fqdn_sender
- reject_unknown_sender_domain
-
-smtpd_recipient_restrictions =
- # RFC requirements
- reject_non_fqdn_recipient
- reject_unknown_recipient_domain
- permit_mynetworks
- reject_unauth_destination
- check_policy_service unix:private/postgrey
-
-smtpd_data_restrictions =
- reject_unauth_pipelining