-rw-r--r-- | roles/MX/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/main.cf.j2 | 25 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/domains.cf.j2 (renamed from roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2) | 0 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/list.cf.j2 | 2 | ||||
-rw-r--r-- | roles/MX/templates/etc/postfix/virtual/transport.j2 | 4 | ||||
l--------- | roles/lists/files/etc/postfix/virtual/domains.cf | 1 | ||||
l--------- | roles/lists/files/etc/postfix/virtual/mailbox_domains.cf | 1 | ||||
-rw-r--r-- | roles/lists/tasks/mail.yml | 2 |
8 files changed, 18 insertions, 19 deletions
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml index a6c68f6..db4bb58 100644 --- a/roles/MX/tasks/main.yml +++ b/roles/MX/tasks/main.yml @@ -28,41 +28,41 @@ - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 notify: - Reload Postfix - name: Create directory /etc/postfix-.../virtual file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual state=directory owner=root group=root mode=0755 - name: Copy lookup tables template: src=etc/postfix/virtual/{{ item }}.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }} owner=root group=root mode=0644 with_items: - - mailbox_domains.cf + - domains.cf # no need to reload upon change, as cleanup(8) is short-running - reserved_alias.pcre - alias.cf - mailbox.cf - list.cf - alias_domains.cf - catchall.cf - transport - name: Compile the Postfix transport maps # trivial-rewrite(8) is a long-running process, so it's safer to reload postmap: instance={{ postfix_instance[inst].name }} src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=cdb owner=root group=root mode=0644 notify: - Reload Postfix - name: Copy reserved-alias.pl copy: src=usr/local/sbin/reserved-alias.pl diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index b0da1bc..e3b8ce0 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 
@@ -37,53 +37,52 @@ local_transport = error:5.1.1 Mailbox unavailable alias_maps = alias_database = local_recipient_maps = message_size_limit = 67108864 recipient_delimiter = + # Forward everything to our internal outgoing proxy {% if 'out' in group_names %} relayhost = [127.0.0.1]:{{ postfix_instance.out.port }} {% else %} relayhost = [outgoing.fripost.org]:{{ postfix_instance.out.port }} {% endif %} relay_domains = # Virtual transport # We use a dedicated "virtual" domain to decongestion potential # bottlenecks on trivial_rewrite(8) due to slow LDAP lookups in # tranport_maps. -virtual_transport = error:5.1.1 Virtual transport unavailable -virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf -virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre - # first we do the alias resolution... - ldap:$config_directory/virtual/alias.cf - # ...and unless there is matching mailbox/list... - ldap:$config_directory/virtual/mailbox.cf - ldap:$config_directory/virtual/list.cf - # ...we resolve alias domains and catch alls - ldap:$config_directory/virtual/alias_domains.cf - ldap:$config_directory/virtual/catchall.cf -virtual_mailbox_maps = -transport_maps = cdb:$config_directory/virtual/transport +virtual_transport = error:5.1.1 Virtual transport unavailable +virtual_alias_domains = ldap:$config_directory/virtual/domains.cf +virtual_alias_maps = pcre:$config_directory/virtual/reserved_alias.pcre + # first we do the alias resolution... + ldap:$config_directory/virtual/alias.cf + # ...and unless there is matching mailbox/list... 
+ ldap:$config_directory/virtual/mailbox.cf + ldap:$config_directory/virtual/list.cf + # ...we resolve alias domains and catch alls + ldap:$config_directory/virtual/alias_domains.cf + ldap:$config_directory/virtual/catchall.cf +transport_maps = cdb:$config_directory/virtual/transport # Don't rewrite remote headers local_header_rewrite_clients = # Pass the client information along to the content filter smtp_send_xforward_command = yes # Avoid splitting the envelope and scanning messages multiple times smtp_destination_recipient_limit = 1000 reserved-alias_recipient_limit = 1 # Tolerate occasional high latency smtp_data_done_timeout = 1200s {% if 'out' in group_names %} smtp_tls_security_level = none smtp_bind_address = 127.0.0.1 {% else %} smtp_tls_security_level = encrypt smtp_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem smtp_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/domains.cf.j2 index 1cb8add..1cb8add 100644 --- a/roles/MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/domains.cf.j2 diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 index a2ff325..5de79d9 100644 --- a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 
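Review bot: The new `virtual_alias_domains` line has no comment saying that recipient validation for every hosted domain now rests entirely on `virtual_alias_maps`. As far as I can tell, an address that none of the listed tables rewrites is now refused as an unknown user instead of being handed to `virtual_transport`. I would add above it `# All hosted domains are alias-only; a recipient is valid only if virtual_alias_maps rewrites it to an internal routing domain found in transport_maps.` It is also worth confirming that `domains.cf` can never return the internal routing names used in the transport table (mda., mailman. and reserved.fripost.org), since an address left inside a virtual alias domain would bounce; the LDAP query in that template is not visible here. The `{% else %}` branch at the end of the hunk continues outside it.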
@@ -1,13 +1,13 @@ server_host = ldapi://%2Fprivate%2Fldapi/ version = 3 search_base = fvd=%d,ou=virtual,dc=fripost,dc=org domain = static:all scope = one bind = yes bind_dn = cn=postfix,ou=services,dc=fripost,dc=org bind_pw = FIXME query_filter = (&(objectClass=FripostVirtualList)(!(objectClass=FripostPendingEntry))(fvl=%u)(fripostIsStatusActive=TRUE)) result_attribute = fvl # Use a dedicated "virtual" domain to decongestion potential bottlenecks # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps. -result_format = %D/%U@lists.fripost.org +result_format = %D/%U@mailman.fripost.org diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2 index 85715a0..9eac2be 100644 --- a/roles/MX/templates/etc/postfix/virtual/transport.j2 +++ b/roles/MX/templates/etc/postfix/virtual/transport.j2 @@ -1,13 +1,13 @@ reserved.fripost.org reserved-alias: {% if 'LDA' in group_names %} mda.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.IMAP.port }} {% else %} mda.fripost.org smtp:[mda.fripost.org]:{{ postfix_instance.IMAP.port }} {% endif %} {% if 'lists' in group_names %} -lists.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }} +mailman.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }} {% else %} -lists.fripost.org smtp:[lists.fripost.org]:{{ postfix_instance.lists.port }} +mailman.fripost.org smtp:[lists.fripost.org]:{{ postfix_instance.lists.port }} {% endif %} diff --git a/roles/lists/files/etc/postfix/virtual/domains.cf b/roles/lists/files/etc/postfix/virtual/domains.cf new file mode 120000 index 0000000..320a970 --- /dev/null +++ b/roles/lists/files/etc/postfix/virtual/domains.cf @@ -0,0 +1 @@ +../../../../../MX/templates/etc/postfix/virtual/domains.cf.j2
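Review bot: This table carries LDAP bind credentials (`bind_dn`, `bind_pw`), yet the `Copy lookup tables` task in roles/MX/tasks/main.yml installs every table with `owner=root group=root mode=0644`. Once the `FIXME` placeholder is replaced by a real password, it will be readable by every local account on the MX. Restricting the task to something like `owner=root group=postfix mode=0640` keeps the file readable by the Postfix daemons only, assuming a `postfix` group exists on the hosts. The copy task in roles/lists/tasks/mail.yml uses the same `mode=0644` and should be checked the same way if its tables also hold a bind password.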
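Review bot: Removing the `lists.fripost.org` keys outright leaves nothing to route recipients that the old `result_format` already rewrote to `…@lists.fripost.org` and that are still queued when the new map is loaded; presumably they would then fall through to `relayhost`. Draining or flushing the queue before the reload avoids that, and the deployment notes should say so. A comment such as `# mailman.fripost.org is an internal routing name only; in the non-lists branch the next hop is still the host lists.fripost.org` would also explain why the key and the next hop now differ.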
\ No newline at end of file
diff --git a/roles/lists/files/etc/postfix/virtual/mailbox_domains.cf b/roles/lists/files/etc/postfix/virtual/mailbox_domains.cf
deleted file mode 120000
index 05f7ed9..0000000
--- a/roles/lists/files/etc/postfix/virtual/mailbox_domains.cf
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2
\ No newline at end of file diff --git a/roles/lists/tasks/mail.yml b/roles/lists/tasks/mail.yml index a08ff5c..15d381d 100644 --- a/roles/lists/tasks/mail.yml +++ b/roles/lists/tasks/mail.yml @@ -7,27 +7,27 @@ - name: Configure Postfix template: src=etc/postfix/main.cf.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf owner=root group=root mode=0644 notify: - Reload Postfix - name: Create directory /etc/postfix-.../virtual file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual state=directory owner=root group=root mode=0755 - name: Copy lookup tables copy: src=etc/postfix/virtual/{{ item }} dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }} owner=root group=root mode=0644 with_items: - - mailbox_domains.cf + - domains.cf - transport_list.cf - meta: flush_handlers - name: Start Postfix service: name=postfix state=started |