blob: 698fd4fe113ae818455c2cfa5cea7b2876ffdb47 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
- name: Install Postfix
apt: pkg={{ item }}
with_items:
- postfix
- postfix-ldap
- name: Configure Postfix
template: src=etc/postfix/main.cf.j2
dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
owner=root group=root
mode=0644
notify:
- Reload Postfix
- name: Create directory /etc/postfix-.../virtual
file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
state=directory
owner=root group=root
mode=0755
- name: Copy lookup tables
copy: src=etc/postfix/virtual/{{ item }}
dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
owner=root group=root
mode=0644
with_items:
- mailbox_domains.cf
- mailbox.cf
- transport_content_filter.cf
- name: Copy recipient canonical
# no need to reload upon change, as cleanup(8) is short-running
copy: src=etc/postfix/recipient_canonical.pcre
dest=/etc/postfix-{{ postfix_instance[inst].name }}/recipient_canonical.pcre
owner=root group=root
mode=0644
- name: Build the Postfix relay clientcerts map
sudo: False
# smtpd_tls_fingerprint_digest MUST be sha256!
local_action: shell openssl x509 -in certs/postfix/{{ item }}.pem -noout -fingerprint -sha256 | sed -nr 's/^.*=(.*)/\1 {{ item }}/p'
with_items: groups.MX | difference([inventory_hostname]) | sort
register: relay_clientcerts
changed_when: False
tags:
- tls_policy
- name: Copy the Postfix relay clientcerts map
template: src=etc/postfix/relay_clientcerts.j2
dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts
owner=root group=root
mode=0644
tags:
- tls_policy
- name: Compile the Postfix relay clientcerts map
postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb
owner=root group=root
mode=0644
tags:
- tls_policy
- meta: flush_handlers
- name: Start Postfix
service: name=postfix state=started
|