- name: Install Postfix apt: pkg={{ packages }} vars: packages: - postfix - postfix-pcre - postfix-policyd-spf-python - name: Install Net::LDAP and Authen::SASL apt: pkg={{ packages }} vars: packages: - libnet-ldap-perl - libauthen-sasl-perl - name: Copy Postfix sender login socketmap copy: src=usr/local/bin/postfix-sender-login.pl dest=/usr/local/bin/postfix-sender-login.pl owner=root group=staff mode=0755 - name: Create '_postfix-sender-login' user user: name=_postfix-sender-login system=yes group=nogroup createhome=no home=/nonexistent shell=/usr/sbin/nologin password=! state=present - name: Copy Postfix sender login socketmap systemd unit files copy: src=etc/systemd/system/{{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 with_items: - postfix-sender-login.service - postfix-sender-login.socket notify: - systemctl daemon-reload - meta: flush_handlers - name: Enable Postfix sender login socketmap service: name=postfix-sender-login.socket state=started enabled=yes - name: Configure Postfix template: src=etc/postfix/{{ item }}.j2 dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }} owner=root group=root mode=0644 with_items: - main.cf - master.cf notify: - Reload Postfix - name: Copy the Regex to anonymize senders # no need to reload upon change, as cleanup(8) is short-running copy: src=etc/postfix/anonymize_sender.pcre dest=/etc/postfix-{{ postfix_instance[inst].name }}/anonymize_sender.pcre owner=root group=root mode=0644 - name: Copy the check_sender_access map copy: src=etc/postfix/check_sender_access dest=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access owner=root group=root mode=0644 - name: Compile the check_sender_access map # no need to reload upon change, as cleanup(8) is short-running postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=lmdb owner=root group=root mode=0644 notify: - Reload Postfix - name: Configure policyd-spf template: src=etc/postfix-policyd-spf-python/policyd-spf.conf.j2 dest=/etc/postfix-policyd-spf-python/policyd-spf.conf owner=root group=root mode=0644 # Reload Postifx to terminate spawn(8) daemon children notify: - Reload Postfix - name: Create directory /etc/postfix/ssl file: path=/etc/postfix-{{ postfix_instance[inst].name }}/ssl state=directory owner=root group=root mode=0755 tags: - genkey - meta: flush_handlers - name: Start Postfix service: name=postfix state=started - name: Fetch Postfix's X.509 certificate # Ensure we don't fetch private data become: False # `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file` fetch_cmd: cmd="openssl x509 -noout -pubkey" stdin=/etc/postfix-{{ postfix_instance[inst].name }}/ssl/smtp.fripost.org.pem dest=certs/public/smtp.fripost.org.pub tags: - genkey - name: Install 'postfix_mailqueue_' Munin wildcard plugin file: src=/usr/local/share/munin/plugins/postfix_mailqueue_ dest=/etc/munin/plugins/postfix_mailqueue_postfix-{{ postfix_instance[inst].name }} owner=root group=root state=link force=yes tags: - munin - munin-node notify: - Restart munin-node - name: Install 'postfix_stats_' Munin wildcard plugin file: src=/usr/local/share/munin/plugins/postfix_stats_ dest=/etc/munin/plugins/postfix_stats_{{ item }}_postfix-{{ postfix_instance[inst].name }} owner=root group=root state=link force=yes with_items: - smtpd - qmgr - smtp tags: - munin - munin-node notify: - Restart munin-node - name: Install 'postfix_sasl_' Munin wildcard plugin file: src=/usr/local/share/munin/plugins/postfix_sasl_ dest=/etc/munin/plugins/postfix_sasl_postfix-{{ postfix_instance[inst].name }} owner=root group=root state=link force=yes tags: - munin - munin-node notify: - Restart munin-node