diff options
Diffstat (limited to 'roles/common/templates')
-rw-r--r-- | roles/common/templates/etc/postfix/master.cf.j2 | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/roles/common/templates/etc/postfix/master.cf.j2 b/roles/common/templates/etc/postfix/master.cf.j2 new file mode 100644 index 0000000..9a07dfd --- /dev/null +++ b/roles/common/templates/etc/postfix/master.cf.j2 @@ -0,0 +1,90 @@ +######################################################################## +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master"). +# +# {{ ansible_managed }} +# Do NOT edit this file directly! +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (yes) (never) (100) +# ========================================================================== + +{% if inst is not defined %} +[127.0.0.1]:16132 inet n - - - - smtpd +{% elif inst == 'MX' %} +smtpd pass - - n - - smtpd + -o cleanup_service_name=cleanup_nochroot +smtp inet n - n - 1 postscreen +tlsproxy unix - - n - 0 tlsproxy +dnsblog unix - - n - 0 dnsblog +cleanup_nochroot unix n - n - 0 cleanup +{% elif inst == 'MSA' %} +{{ postfix_instance.MSA.port }} inet n - - - - smtpd + -o tls_high_cipherlist=EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL +{% elif inst in ['IMAP', 'out', 'lists'] %} +{{ postfix_instance[inst].port }} inet n - - - - smtpd + -o tls_high_cipherlist=HIGH:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH +{% endif %} +pickup fifo n - - 60 1 pickup +cleanup unix n - - - 0 cleanup +qmgr fifo n - n 300 1 qmgr +tlsmgr unix - - - 1000? 1 tlsmgr +rewrite unix - - - - - trivial-rewrite +bounce unix - - - - 0 bounce +defer unix - - - - 0 bounce +trace unix - - - - 0 bounce +verify unix - - - - 1 verify +flush unix n - - 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - - - - smtp +relay unix - - - - - smtp +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - - - - showq +error unix - - - - - error +retry unix - - - - - error +discard unix - - - - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - - - - lmtp +anvil unix - - - - 1 anvil +scache unix - - - - 1 scache +{% if inst is defined and inst == 'MX' %} +reserved-alias unix - n n - - pipe + flags=Rhu user=nobody argv=/usr/local/bin/reserved-alias.pl ${sender} ${original_recipient} @fripost.org +{% endif %} +{% if inst is defined and inst == 'lists' %} +sympa unix - n n - - pipe + flags=Rhu user=sympa argv=/usr/local/bin/sympa-queue ${user} +{% endif %} + +{% if inst is defined and inst == 'out' %} +# Client part (lmtp) - amavis +amavisfeed unix - - n - 5 lmtp + -o lmtp_destination_recipient_limit=1000 + -o lmtp_send_xforward_command=yes + -o lmtp_data_done_timeout=1200s + -o disable_dns_lookups=yes + +# Server part (smtpd) - amavis +[127.0.0.1]:10025 inet n - n - - smtpd + -o content_filter= + -o smtpd_delay_reject=no + -o smtpd_client_restrictions=permit_mynetworks,reject + -o smtpd_helo_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_relay_restrictions=permit_mynetworks,reject + -o smtpd_data_restrictions=reject_unauth_pipelining + -o smtpd_end_of_data_restrictions= + -o smtpd_restriction_classes= + -o mynetworks_style=host + -o smtpd_error_sleep_time=0 + -o smtpd_soft_error_limit=1001 + -o smtpd_hard_error_limit=1000 + -o smtpd_client_connection_count_limit=0 + -o smtpd_client_connection_rate_limit=0 + -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters + -o local_header_rewrite_clients= + -o smtpd_authorized_xforward_hosts=127.0.0.0/8 +{% endif %} |