blob: 4b389743709cb4d7265f1d3847d0915a9e739a91 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
- name: Install Postfix
apt: pkg={{ packages }}
vars:
packages:
- postfix
- postfix-lmdb
- postfix-pcre
- postfix-policyd-spf-python
- name: Install Net::LDAP and Authen::SASL
apt: pkg={{ packages }}
vars:
packages:
- libnet-ldap-perl
- libauthen-sasl-perl
- name: Copy Postfix sender login socketmap
copy: src=usr/local/bin/postfix-sender-login.pl
dest=/usr/local/bin/postfix-sender-login.pl
owner=root group=staff
mode=0755
- name: Create '_postfix-sender-login' user
user: name=_postfix-sender-login system=yes
group=nogroup
createhome=no
home=/nonexistent
shell=/usr/sbin/nologin
password=!
state=present
- name: Copy Postfix sender login socketmap systemd unit files
copy: src=etc/systemd/system/{{ item }}
dest=/etc/systemd/system/{{ item }}
owner=root group=root
mode=0644
with_items:
- postfix-sender-login.service
- postfix-sender-login.socket
notify:
- systemctl daemon-reload
- meta: flush_handlers
- name: Enable Postfix sender login socketmap
service: name=postfix-sender-login.socket state=started enabled=yes
- name: Configure Postfix
template: src=etc/postfix/{{ item }}.j2
dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }}
owner=root group=root
mode=0644
with_items:
- main.cf
- master.cf
notify:
- Reload Postfix
- name: Copy the Regex to anonymize senders
# no need to reload upon change, as cleanup(8) is short-running
copy: src=etc/postfix/anonymize_sender.pcre
dest=/etc/postfix-{{ postfix_instance[inst].name }}/anonymize_sender.pcre
owner=root group=root
mode=0644
- name: Copy the check_sender_access map
copy: src=etc/postfix/check_sender_access
dest=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access
owner=root group=root
mode=0644
- name: Compile the check_sender_access map
# no need to reload upon change, as cleanup(8) is short-running
postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=lmdb
owner=root group=root
mode=0644
notify:
- Reload Postfix
- name: Configure policyd-spf
template: src=etc/postfix-policyd-spf-python/policyd-spf.conf.j2
dest=/etc/postfix-policyd-spf-python/policyd-spf.conf
owner=root group=root
mode=0644
# Reload Postifx to terminate spawn(8) daemon children
notify:
- Reload Postfix
- name: Create directory /etc/postfix/ssl
file: path=/etc/postfix-{{ postfix_instance[inst].name }}/ssl
state=directory
owner=root group=root
mode=0755
tags:
- genkey
- meta: flush_handlers
- name: Start Postfix
service: name=postfix state=started
- name: Fetch Postfix's X.509 certificate
# Ensure we don't fetch private data
become: False
# `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
fetch_cmd: cmd="openssl x509 -noout -pubkey"
stdin=/etc/postfix-{{ postfix_instance[inst].name }}/ssl/smtp.fripost.org.pem
dest=certs/public/smtp.fripost.org.pub
tags:
- genkey
- name: Install 'postfix_mailqueue_' Munin wildcard plugin
file: src=/usr/local/share/munin/plugins/postfix_mailqueue_
dest=/etc/munin/plugins/postfix_mailqueue_postfix-{{ postfix_instance[inst].name }}
owner=root group=root
state=link force=yes
tags:
- munin
- munin-node
notify:
- Restart munin-node
- name: Install 'postfix_stats_' Munin wildcard plugin
file: src=/usr/local/share/munin/plugins/postfix_stats_
dest=/etc/munin/plugins/postfix_stats_{{ item }}_postfix-{{ postfix_instance[inst].name }}
owner=root group=root
state=link force=yes
with_items:
- smtpd
- qmgr
- smtp
tags:
- munin
- munin-node
notify:
- Restart munin-node
- name: Install 'postfix_sasl_' Munin wildcard plugin
file: src=/usr/local/share/munin/plugins/postfix_sasl_
dest=/etc/munin/plugins/postfix_sasl_postfix-{{ postfix_instance[inst].name }}
owner=root group=root
state=link force=yes
tags:
- munin
- munin-node
notify:
- Restart munin-node
|