summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/tasks/mda.yml
blob: 897a61db4b2c12f0325b09fe225f7fa1c30976fb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
- name: Install Postfix
  apt: pkg={{ item }}
  with_items:
    - postfix
    - postfix-ldap

- name: Configure Postfix
  template: src=etc/postfix/main.cf.j2
            dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
            owner=root group=root
            mode=0644
  notify:
    - Reload Postfix

- name: Copy the transport and recipient canonical maps
  copy: src=etc/postfix/{{ item }}
        dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }}
        owner=root group=root
        mode=0644
  with_items:
    # no need to reload upon change, as cleanup(8) is short-running
    - recipient_canonical.pcre
    - transport

- name: Build the Postfix relay clientcerts map
  sudo: False
  # smtpd_tls_fingerprint_digest MUST be sha256!
  local_action: shell openssl x509 -in certs/postfix/{{ item }}.pem -noout -fingerprint -sha256 | sed -nr 's/^.*=(.*)/\1 {{ item }}/p'
  with_items: groups.MX | difference([inventory_hostname]) | sort
  register: relay_clientcerts
  changed_when: False
  tags:
    - tls_policy

- name: Copy the Postfix relay clientcerts map
  template: src=etc/postfix/relay_clientcerts.j2
            dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts
            owner=root group=root
            mode=0644
  tags:
    - tls_policy

- name: Compile the Postfix relay clientcerts map
  postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb
           owner=root group=root
           mode=0644
  tags:
    - tls_policy

- name: Compile the Postfix transport maps
  # trivial-rewrite(8) is a long-running process, so it's safer to reload
  postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb
           owner=root group=root
           mode=0644
  notify:
    - Reload Postfix

- meta: flush_handlers

- name: Start Postfix
  service: name=postfix state=started