summaryrefslogtreecommitdiffstats
path: root/roles/common/templates
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/templates')
-rw-r--r--roles/common/templates/etc/postfix/master.cf.j290
1 files changed, 90 insertions, 0 deletions
diff --git a/roles/common/templates/etc/postfix/master.cf.j2 b/roles/common/templates/etc/postfix/master.cf.j2
new file mode 100644
index 0000000..9a07dfd
--- /dev/null
+++ b/roles/common/templates/etc/postfix/master.cf.j2
@@ -0,0 +1,90 @@
+########################################################################
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+
+{% if inst is not defined %}
+[127.0.0.1]:16132 inet n - - - - smtpd
+{% elif inst == 'MX' %}
+smtpd pass - - n - - smtpd
+ -o cleanup_service_name=cleanup_nochroot
+smtp inet n - n - 1 postscreen
+tlsproxy unix - - n - 0 tlsproxy
+dnsblog unix - - n - 0 dnsblog
+cleanup_nochroot unix n - n - 0 cleanup
+{% elif inst == 'MSA' %}
+{{ postfix_instance.MSA.port }} inet n - - - - smtpd
+ -o tls_high_cipherlist=EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
+{% elif inst in ['IMAP', 'out', 'lists'] %}
+{{ postfix_instance[inst].port }} inet n - - - - smtpd
+ -o tls_high_cipherlist=HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH
+{% endif %}
+pickup fifo n - - 60 1 pickup
+cleanup unix n - - - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+tlsmgr unix - - - 1000? 1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - - - - smtp
+relay unix - - - - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - - - - showq
+error unix - - - - - error
+retry unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - - - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
+{% if inst is defined and inst == 'MX' %}
+reserved-alias unix - n n - - pipe
+ flags=Rhu user=nobody argv=/usr/local/bin/reserved-alias.pl ${sender} ${original_recipient} @fripost.org
+{% endif %}
+{% if inst is defined and inst == 'lists' %}
+sympa unix - n n - - pipe
+ flags=Rhu user=sympa argv=/usr/local/bin/sympa-queue ${user}
+{% endif %}
+
+{% if inst is defined and inst == 'out' %}
+# Client part (lmtp) - amavis
+amavisfeed unix - - n - 5 lmtp
+ -o lmtp_destination_recipient_limit=1000
+ -o lmtp_send_xforward_command=yes
+ -o lmtp_data_done_timeout=1200s
+ -o disable_dns_lookups=yes
+
+# Server part (smtpd) - amavis
+[127.0.0.1]:10025 inet n - n - - smtpd
+ -o content_filter=
+ -o smtpd_delay_reject=no
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_relay_restrictions=permit_mynetworks,reject
+ -o smtpd_data_restrictions=reject_unauth_pipelining
+ -o smtpd_end_of_data_restrictions=
+ -o smtpd_restriction_classes=
+ -o mynetworks_style=host
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o smtpd_client_connection_count_limit=0
+ -o smtpd_client_connection_rate_limit=0
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
+ -o local_header_rewrite_clients=
+ -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+{% endif %}