From 2c925ea17fcb6f71826e5c0f30f99c5daba10e14 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 4 Jun 2015 20:26:53 +0200
Subject: Make the webmail connect directly to the outgoing SMTP proxy.

(Hence delete the 'webmail' Postfix instance.)  This shortens the delay
caused by the recipient verification probes.
---
 roles/webmail/tasks/mail.yml      | 42 ++++++++++++++++++++++++++++++---------
 roles/webmail/tasks/main.yml      |  1 +
 roles/webmail/tasks/roundcube.yml |  2 +-
 3 files changed, 35 insertions(+), 10 deletions(-)

(limited to 'roles/webmail/tasks')

diff --git a/roles/webmail/tasks/mail.yml b/roles/webmail/tasks/mail.yml
index e2dea38..7603a56 100644
--- a/roles/webmail/tasks/mail.yml
+++ b/roles/webmail/tasks/mail.yml
@@ -1,15 +1,39 @@
-- name: Install Postfix
-  apt: pkg=postfix
+- name: Install stunnel
+  apt: pkg=stunnel4
 
-- name: Configure Postfix
-  template: src=etc/postfix/main.cf.j2
-            dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
+- name: Auto-enable stunnel
+  lineinfile: dest=/etc/default/stunnel4
+              regexp='^(\s*#)?\s*ENABLED='
+              line='ENABLED=1'
+              owner=root group=root
+              mode=0644
+
+- name: Create /etc/stunnel/certs
+  file: path=/etc/stunnel/certs
+        state=directory
+        owner=root group=root
+        mode=0755
+
+- name: Copy the SMTP outgoing proxy's X.509 certificate
+  assemble: src=certs/postfix regexp="{{ groups.out | difference([inventory_hostname]) | join('|') }}\.pem$" remote_src=no
+            dest=/etc/stunnel/certs/postfix.pem
             owner=root group=root
             mode=0644
+  register: r1
   notify:
-    - Reload Postfix
+    - Restart stunnel
 
-- meta: flush_handlers
+- name: Configure stunnel
+  template: src=etc/stunnel/postfix.conf.j2
+            dest=/etc/stunnel/postfix.conf
+            owner=root group=root
+            mode=0644
+  register: r2
+  notify:
+    - Restart stunnel
 
-- name: Start Postfix
-  service: name=postfix state=started
+- name: Start stunnel
+  service: name=stunnel4 pattern=/usr/bin/stunnel4 state=started
+  when: not (r1.changed or r2.changed)
+
+- meta: flush_handlers
diff --git a/roles/webmail/tasks/main.yml b/roles/webmail/tasks/main.yml
index a6eeee2..030a547 100644
--- a/roles/webmail/tasks/main.yml
+++ b/roles/webmail/tasks/main.yml
@@ -1,2 +1,3 @@
 - include: mail.yml      tags=postfix,mail
+  when: "'out' not in group_names"
 - include: roundcube.yml tags=roundcube,webmail
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index ebe93c8..5392242 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -36,7 +36,7 @@
     - { var: messages_cache,         value: "null"        }
     # SMTP
     - { var: smtp_server,            value: "'localhost'" }
-    - { var: smtp_port,              value: "2580"        }
+    - { var: smtp_port,              value: "2525"        }
     # System
     - { var: force_https,            value: "TRUE"                     }
     - { var: login_autocomplete,     value: "2"                        }
-- 
cgit v1.2.3