From 4895573883df830a82b65b8ecf96abde18370147 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 1 Dec 2013 17:08:53 +0100 Subject: Share master.cf accross all Postfix instances. And use main.cf's 'master_service_disable' setting to deactivate each service that's useless for a given instance. (Hence solve conflict when trying to listen twice on the same port, for instance.) --- group_vars/all.yml | 3 +++ roles/common/files/etc/postfix/generic.pcre | 2 ++ roles/common/tasks/mail.yml | 15 +++++++++------ roles/common/templates/etc/postfix/main.cf.j2 | 20 ++++++++++---------- 4 files changed, 24 insertions(+), 16 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 2cd3a42..a0c229e 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -7,3 +7,6 @@ postfix_instance: MX: { name: mta-in, group: mta } MTA-out: { name: mta-out,group: mta } MSA: { name: msa } + +MTA_out: { IPv4: outgoing.fripost.org, port: 2525 } +LDA: { IPv4: lda.fripost.org, port: 2526 } diff --git a/roles/common/files/etc/postfix/generic.pcre b/roles/common/files/etc/postfix/generic.pcre index c46f4b5..1181a22 100644 --- a/roles/common/files/etc/postfix/generic.pcre +++ b/roles/common/files/etc/postfix/generic.pcre @@ -1 +1,3 @@ +# Rewrite the whole enveloppe (From: & To: included) to somthing +# routable on the internet. /^(.+)@([^@.]+)\.[^@]+$/ admin+${1}=${2}@fripost.org diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml index 9de0eaa..c562c42 100644 --- a/roles/common/tasks/mail.yml +++ b/roles/common/tasks/mail.yml @@ -15,13 +15,16 @@ notify: - Restart Postfix -- name: Define dynamic maps for children instances - # main.cf and master.cf are configured in dedicated roles, though - file: src=../postfix/dynamicmaps.cf - dest=/etc/postfix-{{ postfix_instance[item].name }}/dynamicmaps.cf - owner=root group=root state=link +- name: Link the dynamic maps & master.cf of each children to the master's + # main.cf is specialized to each dedicated role, though + file: src=../postfix/{{ item.1 }} + dest=/etc/postfix-{{ postfix_instance[item.0].name }}/{{ item.1 }} + owner=root group=root + state=link force=yes register: r2 - with_items: postfix_instance.keys() | intersect(group_names) | list + with_nested: + - postfix_instance.keys() | intersect(group_names) | list + - [ 'dynamicmaps.cf', 'master.cf' ] notify: - Restart Postfix diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2 index 0922b49..59bf0ba 100644 --- a/roles/common/templates/etc/postfix/main.cf.j2 +++ b/roles/common/templates/etc/postfix/main.cf.j2 @@ -11,11 +11,9 @@ mydomain = {{ ansible_domain }} append_dot_mydomain = no # This server is for internal use only -mynetworks_style = host -inet_interfaces = loopback-only -inet_protocols = ipv4 -# Tunnel everything through IPSec -smtp_bind_address = 172.16.0.1 +mynetworks_style = host +inet_interfaces = loopback-only +inet_protocols = ipv4 # No local delivery mydestination = @@ -33,15 +31,17 @@ smtp_generic_maps = pcre:$config_directory/generic.pcre # Forward everything to our internal mailhub {% if 'MTA-out' in group_names %} -relayhost = [127.0.0.1]:2525 +# TODO: use a UNIX socket instead +relay_transport = lmtp:unix:private/mta-out {% else %} -relayhost = [outgoing.fripost.org]:2525 +relayhost = [{{ MTA_out.IPv4 }}]:{{ MTA_out.port }} {% endif %} +relay_domains = -# This server is for internal use only; external connections are -# protected by IPSec already -smtpd_tls_security_level = none +# Tunnel everything through IPSec smtp_tls_security_level = none +smtp_bind_address = 172.16.0.1 +smtpd_tls_security_level = none # Turn off all TCP/IP listener ports except that dedicated to # samhain(8), which sadly cannot use pickup through the sendmail binary. -- cgit v1.2.3