summaryrefslogtreecommitdiffstats
path: root/roles/out
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2014-07-01 14:38:52 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:13 +0200
commit170dc68f9275dffb48fbe3f8ebb2183cd7ddf111 (patch)
tree6049724b1bb2d527a337c2f07e14275b9bc40818 /roles/out
parent909e291291414721b7f7bb4aae471a5c187b02c4 (diff)
Outgoing SMTP proxy.
Diffstat (limited to 'roles/out')
-rw-r--r--roles/out/handlers/main.yml9
-rw-r--r--roles/out/tasks/main.yml17
-rw-r--r--roles/out/templates/etc/postfix/main.cf.j278
3 files changed, 104 insertions, 0 deletions
diff --git a/roles/out/handlers/main.yml b/roles/out/handlers/main.yml
new file mode 100644
index 0000000..21c736a
--- /dev/null
+++ b/roles/out/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Restart Postgrey
+ service: name=postgrey state=restarted
+
+- name: Restart Postfix
+ service: name=postfix state=restarted
+
+- name: Reload Postfix
+ service: name=postfix state=reloaded
diff --git a/roles/out/tasks/main.yml b/roles/out/tasks/main.yml
new file mode 100644
index 0000000..4bf4363
--- /dev/null
+++ b/roles/out/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Install Postfix
+ apt: pkg=postfix
+
+- name: Configure Postfix
+ template: src=etc/postfix/main.cf.j2
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
+ owner=root group=root
+ mode=0644
+ register: r
+ notify:
+ - Restart Postfix
+
+- name: Start Postfix
+ service: name=postfix state=started
+ when: not r.changed
+
+- meta: flush_handlers
diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
new file mode 100644
index 0000000..1a7985f
--- /dev/null
+++ b/roles/out/templates/etc/postfix/main.cf.j2
@@ -0,0 +1,78 @@
+########################################################################
+# Outgoing MTA configuration
+#
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+readme_directory = no
+mail_owner = postfix
+
+delay_warning_time = 1d
+maximal_queue_lifetime = 5d
+
+myorigin = /etc/mailname
+myhostname = outgoing{{ outgoingno | default('') }}.$mydomain
+mydomain = fripost.org
+append_dot_mydomain = no
+
+# Turn off all TCP/IP listener ports except that necessary for the
+# outgoing SMTP proxy.
+master_service_disable = !2525.inet inet
+
+queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }}
+data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }}
+multi_instance_group = {{ postfix_instance[inst].group | default('') }}
+multi_instance_name = postfix-{{ postfix_instance[inst].name }}
+multi_instance_enable = yes
+
+# Accept everything coming through IPSec.
+# TODO: this should our virtual private subnetwork
+mynetworks = 0.0.0.0/0
+inet_interfaces = 172.16.0.1, 127.0.0.1
+
+# No local delivery
+mydestination =
+local_transport = error:5.1.1 Mailbox unavailable
+alias_maps =
+alias_database =
+local_recipient_maps =
+
+message_size_limit = 67108864
+recipient_delimiter = +
+
+relay_domains =
+relay_transport = error:5.3.2 Relay Transport unavailable
+
+# All header rewriting happens upstream
+local_header_rewrite_clients =
+
+
+smtp_tls_security_level = may
+smtp_tls_note_starttls_offer = yes
+smtp_tls_cert_file = /etc/postfix-out/ssl/smtp.fripost.org.pem
+smtp_tls_key_file = /etc/postfix-out/ssl/smtp.fripost.org.key
+smtp_tls_CApath = /etc/ssl/certs/
+smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
+smtp_tls_fingerprint_digest = sha1
+tls_random_source = dev:/dev/urandom
+
+
+smtpd_helo_required = yes
+smtpd_helo_restrictions =
+ reject_invalid_helo_hostname
+
+smtpd_sender_restrictions =
+ reject_non_fqdn_sender
+ reject_unknown_sender_domain
+
+smtpd_recipient_restrictions =
+ # RFC requirements
+ reject_non_fqdn_recipient
+ reject_unknown_recipient_domain
+ permit_mynetworks
+ reject_unauth_destination
+
+smtpd_data_restrictions =
+ reject_unauth_pipelining