summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks/mail.yml
Commit message (Collapse)AuthorAgeFiles
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-101
|
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101
|
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command ↵Guilhem Moulin2016-05-181
| | | | | | locally. And use this to fetch all X.509 leaf certificates.
* Ansible: Using bare variables is deprecated, and will be removed in a future ↵Guilhem Moulin2016-03-021
| | | | release.
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-121
|
* Internal Postfix config: Generate RSA 4096 keys by default.Guilhem Moulin2015-10-281
|
* Add a 'root' alias to root@fripost.org.Guilhem Moulin2015-06-071
|
* Ensure have a TLS policy for each of our host we want to relay to.Guilhem Moulin2015-06-071
|
* Postfix needs to be restarted after rekeying.Guilhem Moulin2015-06-071
| | | | (It opens the key as root, but then drops the permissions.)
* Add a tag 'tls_policy' to facilitate rekeying.Guilhem Moulin2015-06-071
| | | | | First generate all certs (-t genkey), then build the TLS policy maps ( -t tls_policy).
* Add ability to add custom OrganizationalUnits in genkeypair.Guilhem Moulin2015-06-071
| | | | Also, it's now possible to reuse an existing private key (with -f).
* Reload Postfix upon configuration change, but don't restart it.Guilhem Moulin2015-06-071
| | | | | | (Unless a new instance is created, or the master.cf change is modified.) Changing some variables, such as inet_protocols, require a full restart, but most of the time it's overkill.
* Don't restart/reload Postifx upon change of a file based database.Guilhem Moulin2015-06-071
| | | | | | And don't restart or reload either upon change of pcre: files that are used by smtpd(8), cleanup(8) or local(8), following the suggestion from http://www.postfix.org/DATABASE_README.html#detect .
* Replace IPSec tunnels by app-level ephemeral TLS sessions.Guilhem Moulin2015-06-071
| | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well.
* Don't use generic maps.Guilhem Moulin2015-06-071
| | | | | | | | | | | | | | | | | In fact we want to only rewrite the envelope sender: :/etc/postfix/main.cf # Overwrite local FQDN envelope sender addresses sender_canonical_classes = envelope_sender propagate_unmatched_extensions = sender_canonical_maps = cdb:$config_directory/sender_canonical :/etc/postfix/sender_canonical @elefant.fripost.org admin@fripost.org However, when canonical(5) processes a mail sent vias sendmail(1), it rewrites the envelope sender which seems to *later* be use as From: header.
* wibbleGuilhem Moulin2015-06-071
|
* Share master.cf accross all Postfix instances.Guilhem Moulin2015-06-071
| | | | | | And use main.cf's 'master_service_disable' setting to deactivate each service that's useless for a given instance. (Hence solve conflict when trying to listen twice on the same port, for instance.)
* Postfix master (nullmailer) configurationGuilhem Moulin2015-06-071
We use a dedicated instance for each role: MDA, MTA out, MX, etc.