Diffstat (limited to 'roles')
| -rw-r--r-- | roles/out/tasks/main.yml | 12 | ||||
| -rw-r--r-- | roles/out/templates/etc/postfix/canonical.j2 | 10 | ||||
| -rw-r--r-- | roles/out/templates/etc/postfix/main.cf.j2 | 4 | 
3 files changed, 26 insertions, 0 deletions
| diff --git a/roles/out/tasks/main.yml b/roles/out/tasks/main.yml
index 96a557d..0e64443 100644
--- a/roles/out/tasks/main.yml
+++ b/roles/out/tasks/main.yml
@@ -1,34 +1,46 @@
 - name: Install Postfix
   apt: pkg=postfix
 - name: Configure Postfix
   template: src=etc/postfix/{{ item }}.j2
             dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }}
             owner=root group=root
             mode=0644
   with_items:
     - main.cf
     - master.cf
   notify:
     - Reload Postfix
+- name: Copy the canonical maps
+  template: src=etc/postfix/canonical.j2
+            dest=/etc/postfix-{{ postfix_instance[inst].name }}/canonical
+            owner=root group=root
+            mode=0644
+
+- name: Compile the canonical maps
+  # no need to reload upon change, as cleanup(8) is short-running
+  postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/canonical db=lmdb
+           owner=root group=root
+           mode=0644
+
 - meta: flush_handlers
 - name: Start Postfix
   service: name=postfix state=started
 - name: Install 'postfix_mailqueue_' Munin wildcard plugin
   file: src=/usr/local/share/munin/plugins/postfix_mailqueue_
         dest=/etc/munin/plugins/postfix_mailqueue_postfix-{{ postfix_instance[inst].name }}
         owner=root group=root
         state=link force=yes
   tags:
     - munin
     - munin-node
   notify:
     - Restart munin-node
 - name: Install 'postfix_stats_' Munin wildcard plugin
   file: src=/usr/local/share/munin/plugins/postfix_stats_
         dest=/etc/munin/plugins/postfix_stats_{{ item }}_postfix-{{ postfix_instance[inst].name }}
diff --git a/roles/out/templates/etc/postfix/canonical.j2 b/roles/out/templates/etc/postfix/canonical.j2
new file mode 100644
index 0000000..ed8bb4d
--- /dev/null
+++ b/roles/out/templates/etc/postfix/canonical.j2
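Review bot: The two new tasks only work if they run before `- meta: flush_handlers`, and nothing in the hunk says so. main.cf.j2 in this commit points `canonical_maps` at `lmdb:$config_directory/canonical`, and the 'Reload Postfix' handler notified by 'Configure Postfix' fires at that flush, so the compiled map has to exist by then. If the tasks were later moved below the flush, Postfix would presumably be reloaded against a table that does not exist yet. I would extend the existing comment with something like `# must stay before flush_handlers: main.cf references the compiled map`. Whether the `postmap` module reports 'changed' only when it actually recompiles cannot be seen from this hunk and is worth confirming.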
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+# Addresses under $myhostname are typically not valid as envelope
+# recipients (eg, logcheck@, root@, etc.).  This breaks the sender
+# address verification, so we use the admin team's address in the
+# envelope.
+{% for host in groups.all | sort %}
+@{{ hostvars[host].inventory_hostname }}    admin@fripost.org
+{% endfor %}
diff --git a/roles/out/templates/etc/postfix/main.cf.j2 b/roles/out/templates/etc/postfix/main.cf.j2
index 6d83710..c05d9a5 100644
--- a/roles/out/templates/etc/postfix/main.cf.j2
+++ b/roles/out/templates/etc/postfix/main.cf.j2
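Review bot: The map keys are built from `hostvars[host].inventory_hostname`, while the comment above the loop speaks of addresses under `$myhostname`, so the rewrite only matches if every inventory name is exactly the domain part that host's Postfix puts on its local addresses. Where an inventory entry is a short alias or an IP address, the `@…` key would not match and system senders such as root@ would keep failing sender address verification. Either state the assumption in the template, e.g. `# assumes inventory_hostname equals each host's $myhostname (FQDN)`, or key the map on whatever variable main.cf.j2 uses for myhostname (not visible in this diff). As a side point, `hostvars[host].inventory_hostname` is the same value as `host`.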
@@ -25,40 +25,44 @@ mynetworks = 127.0.0.0/8, [::1]/128
 queue_directory       = /var/spool/postfix-{{ postfix_instance[inst].name }}
 data_directory        = /var/lib/postfix-{{ postfix_instance[inst].name }}
 multi_instance_group  = {{ postfix_instance[inst].group | default('') }}
 multi_instance_name   = postfix-{{ postfix_instance[inst].name }}
 multi_instance_enable = yes
 # No local delivery
 mydestination        =
 local_transport      = error:5.1.1 Mailbox unavailable
 alias_maps           =
 alias_database       =
 local_recipient_maps =
 message_size_limit  = 0
 recipient_delimiter = +
 relay_domains       =
 relay_transport     = error:5.3.2 Relay Transport unavailable
+# Replace internal system addresses under $myhostname with a valid address
+canonical_maps    = lmdb:$config_directory/canonical
+canonical_classes = envelope_sender, envelope_recipient
+
 # All header rewriting happens upstream
 local_header_rewrite_clients =
 smtp_tls_security_level         = may
 smtp_tls_ciphers                = medium
 smtp_tls_protocols              = !SSLv2, !SSLv3
 smtp_tls_note_starttls_offer    = yes
 smtp_tls_session_cache_database = lmdb:$data_directory/smtp_tls_session_cache
 smtpd_tls_security_level        = none
 strict_rfc821_envelopes = yes
 smtpd_delay_reject      = yes
 disable_vrfy_command    = yes
 smtpd_client_restrictions =
     permit_mynetworks
     # We are the only ones using this proxy, but if things go wrong we
     # want to know why |
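Review bot: The new comment above `canonical_maps` says addresses under `$myhostname` are replaced, which understates what the setting does. The table rendered from canonical.j2 has one `@host` entry per inventory host, and `canonical_classes` limits the rewrite to the envelope. Every local part at any managed host's name is therefore mapped to the admin address on both the sender and the recipient side, while From:/To: headers keep the original host-local address. I would reword the comment to say so, e.g. `# Map envelope addresses at any managed host's name (see canonical) to the admin team's address; headers are not touched`.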
