From 9ff98e18e5dd6967bce1457cff1884ec632cf2b5 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 2 Dec 2013 22:43:44 +0100 Subject: Configure the Mail Delivery Agent. --- .../files/etc/postfix/virtual/mailbox_domains.cf | 1 + .../IMAP/files/etc/postfix/virtual/mailbox_maps.cf | 1 + .../virtual/transport_content_filter_maps.cf | 8 +++ roles/IMAP/handlers/main.yml | 6 +++ roles/IMAP/tasks/main.yml | 1 + roles/IMAP/tasks/mda.yml | 36 +++++++++++++ roles/IMAP/templates/etc/postfix/main.cf.j2 | 60 ++++++++++++++++++++++ roles/common/files/etc/postfix/master.cf | 7 ++- roles/mx/templates/etc/postfix/main.cf.j2 | 10 ++-- 9 files changed, 124 insertions(+), 6 deletions(-) create mode 120000 roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf create mode 120000 roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf create mode 100644 roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf create mode 100644 roles/IMAP/tasks/mda.yml create mode 100644 roles/IMAP/templates/etc/postfix/main.cf.j2 diff --git a/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf b/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf new file mode 120000 index 0000000..7e8c163 --- /dev/null +++ b/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf @@ -0,0 +1 @@ +../../../../../mx/files/etc/postfix/virtual/mailbox_domains.cf \ No newline at end of file diff --git a/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf b/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf new file mode 120000 index 0000000..763b30e --- /dev/null +++ b/roles/IMAP/files/etc/postfix/virtual/mailbox_maps.cf @@ -0,0 +1 @@ +../../../../../mx/files/etc/postfix/virtual/mailbox_maps.cf \ No newline at end of file diff --git a/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf new file mode 100644 index 0000000..6ea944f --- /dev/null 
+++ b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter_maps.cf @@ -0,0 +1,8 @@ +server_host = ldapi://%2Fprivate%2Fldapi/ +version = 3 +search_base = fvl=%u,fvd=%d,ou=virtual,o=mailHosting,dc=fripost,dc=org +scope = base +bind = none +query_filter = (&(ObjectClass=AmavisAccount)(fvl=%u)) +result_attribute = fvl +result_format = amavisfeed:unix:public/amavisfeed-contentfilter diff --git a/roles/IMAP/handlers/main.yml b/roles/IMAP/handlers/main.yml index 45f817d..2e54251 100644 --- a/roles/IMAP/handlers/main.yml +++ b/roles/IMAP/handlers/main.yml @@ -1,3 +1,9 @@ --- - name: Restart Dovecot service: name=dovecot state=restarted + +- name: Restart Postfix + service: name=postfix state=restarted + +- name: Reload Postfix + service: name=postfix state=reloaded diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml index d71573e..df21dd2 100644 --- a/roles/IMAP/tasks/main.yml +++ b/roles/IMAP/tasks/main.yml @@ -1,2 +1,3 @@ --- - include: imap.yml tags=imap,dovecot +- include: mda.yml tags=mda,mail,postfix diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml new file mode 100644 index 0000000..39938fd --- /dev/null +++ b/roles/IMAP/tasks/mda.yml 
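Review bot: In transport_content_filter_maps.cf the lookup runs with `bind = none`, so whether a recipient is routed to `amavisfeed` depends on the directory's ACLs letting an anonymous ldapi client read the `AmavisAccount` entry. If they do not, the query presumably returns no result and the message is delivered unfiltered rather than deferred. A header comment would make that dependency visible, for example `# Anonymous lookup over ldapi: the LDAP ACLs must allow reading objectClass and fvl here, otherwise content filtering is silently skipped.` The ACLs are not part of this commit, so this needs checking against the slapd configuration.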
@@ -0,0 +1,36 @@
+- name: Install Postfix
+ apt: pkg={{ item }}
+ with_items:
+ - postfix
+ - postfix-ldap
+
+- name: Configure Postfix
+ template: src=etc/postfix/main.cf.j2
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
+ owner=root group=root
+ mode=0644
+ register: r
+ notify:
+ - Restart Postfix
+
+- name: Create directory /etc/postfix-.../virtual
+ file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
+ owner=root group=root
+ state=directory
+ mode=0755
+
+- name: Copy lookups tables
+ copy: src=etc/postfix/virtual/{{ item }}
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ - mailbox_domains.cf
+ - mailbox_maps.cf
+ - transport_content_filter_maps.cf
+
+- name: Start Postfix
+ service: name=postfix state=started
+ when: not r.changed
+
+- meta: flush_handlers
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
new file mode 100644
index 0000000..1fb2fcc
--- /dev/null
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
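Review bot: The "Copy lookups tables" task has no `notify:`, so a changed `mailbox_maps.cf` or `transport_content_filter_maps.cf` only takes effect once the Postfix daemons that opened the old table happen to be recycled. The `Reload Postfix` handler that this commit adds in handlers/main.yml is not referenced anywhere in mda.yml. Adding `notify:` with `- Reload Postfix` to that task would apply recipient-validation and filter-routing changes on the run that deploys them. The existing `meta: flush_handlers` at the end of the file would then fire it.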
@@ -0,0 +1,60 @@
+########################################################################
+# MDA configuration
+#
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+readme_directory = no
+mail_owner = postfix
+
+delay_warning_time = 4h
+maximal_queue_lifetime = 5d
+
+myorigin = /etc/mailname
+myhostname = mda{{ imapno | default('') }}.$mydomain
+mydomain = {{ ansible_domain }}
+append_dot_mydomain = no
+
+# Turn off all TCP/IP listener ports except that necessary for the MDA.
+master_service_disable = !2526.inet inet
+
+queue_directory = /var/spool/postfix-{{ postfix_instance[inst].name }}
+data_directory = /var/lib/postfix-{{ postfix_instance[inst].name }}
+multi_instance_group = {{ postfix_instance[inst].group | default('') }}
+multi_instance_name = postfix-{{ postfix_instance[inst].name }}
+multi_instance_enable = yes
+
+# This server is a Mail Delivery Agent
+mynetworks_style = host
+inet_interfaces = 172.16.0.1
+{% if 'MX' in group_names %}
+ 127.0.0.1
+{% endif %}
+inet_protocols = ipv4
+
+# No local delivery
+mydestination =
+local_transport = error:5.1.1 Mailbox unavailable
+alias_maps =
+alias_database =
+local_recipient_maps =
+
+message_size_limit = 67108864
+recipient_delimiter = +
+
+# No relay: this server is inbound-only
+relay_transport = error:5.1.1 Relay unavailable
+default_transport = error:5.1.1 Transport unavailable
+
+# Virtual transport (the alias resolution is already done by the MX:es)
+virtual_transport = lmtp:unix:private/dovecot-lmtpd
+virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
+virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox_maps.cf
+mailbox_transport_maps = ldap:$config_directory/virtual/transport_content_filter_maps.cf
+
+# Don't rewrite remote headers
+local_header_rewrite_clients =
+# Tolerate occasional high latency
+smtpd_timeout = 1200s
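Review bot: `mailbox_transport_maps`, the last setting in the virtual-transport group, is a local(8) delivery-agent parameter, while this template disables local delivery (`mydestination =`, `local_transport = error:5.1.1 ...`) and hands virtual recipients straight to `virtual_transport`. The `transport_content_filter_maps.cf` lookup is therefore probably never consulted, and mail for AmavisAccount users would reach Dovecot without passing through `amavisfeed`. The per-recipient override that applies to virtual mailbox domains is `transport_maps`, i.e. `transport_maps = ldap:$config_directory/virtual/transport_content_filter_maps.cf`. A test delivery to a filtered account should confirm that the `amavisfeed` service is actually selected. A one-line comment above the setting, saying that accounts with the AmavisAccount objectClass are diverted to the content filter, would also help the next reader.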
diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf index b8bc458..fa8fed9 100644 --- a/roles/common/files/etc/postfix/master.cf +++ b/roles/common/files/etc/postfix/master.cf @@ -9,6 +9,8 @@ # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd +16132 inet n - - - - smtpd +2526 inet n - - - - smtpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr @@ -33,6 +35,9 @@ virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache -16132 inet n - - - - smtpd reserved-alias unix - n n - - pipe flags=Rhu user=mail argv=/usr/local/sbin/reserved-alias.pl ${original_recipient} @fripost.org +amavisfeed unix - - n - 2 lmtp + -o lmtp_destination_recipient_limit=1000 + -o lmtp_send_xforward_command=yes + -o lmtp_data_done_timeout=1200s diff --git a/roles/mx/templates/etc/postfix/main.cf.j2 b/roles/mx/templates/etc/postfix/main.cf.j2 index 8c1da35..a9ce8c4 100644 --- a/roles/mx/templates/etc/postfix/main.cf.j2 +++ b/roles/mx/templates/etc/postfix/main.cf.j2 @@ -9,8 +9,8 @@ biff = no readme_directory = no mail_owner = postfix -delay_warning_time = 4h -maximal_queue_lifetime = 5d +delay_warning_time = 4h +maximal_queue_lifetime = 5d myorigin = /etc/mailname myhostname = mx{{ mxno | default('') }}.$mydomain @@ -96,9 +96,9 @@ tls_random_source = dev:/dev/urandom # http://en.linuxreviews.org/HOWTO_Stop_spam_using_Postfix # http://www.howtoforge.com/block_spam_at_mta_level_postfix -strict_rfc821_envelopes = yes -smtpd_delay_reject = yes -disable_vrfy_command = yes +strict_rfc821_envelopes = yes +smtpd_delay_reject = yes +disable_vrfy_command = yes # UCE control invalid_hostname_reject_code = 554 -- cgit v1.2.3
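Review bot: The first master.cf hunk puts the `16132 inet` and `2526 inet` smtpd listeners next to `smtp inet` in the master.cf under roles/common, so any Postfix instance whose main.cf lacks a matching `master_service_disable` line opens both ports on its `inet_interfaces`. The new MDA template sets `master_service_disable = !2526.inet inet`, but how the other instances handle the two new entries is not visible in this diff. A comment above the two lines would record the contract, for example `# 16132 and 2526 are wanted on specific instances only; every other main.cf must disable them via master_service_disable`. A check after deployment that each instance listens only on its intended ports would catch a missed instance.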