Clean up SASL logic from postfix

Per Joe's comment here [1].

[1]: https://github.com/python-discord/infra/issues/478#issuecomment-2306107672

2 files changed, 16 insertions, 19 deletions

diff --git a/ansible/roles/sasl/files/smtpd.conf b/ansible/roles/sasl/files/smtpd.conf
deleted file mode 100644
index 18d7308..0000000
--- a/ansible/roles/sasl/files/smtpd.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-pwcheck_method: saslauthd
-mech_list: plain login
diff --git a/ansible/roles/sasl/tasks/main.yml b/ansible/roles/sasl/tasks/main.yml
index 4133a23..f7884e3 100644
--- a/ansible/roles/sasl/tasks/main.yml
+++ b/ansible/roles/sasl/tasks/main.yml
@@ -9,18 +9,6 @@
   tags:
     - role::sasl
 
-- name: Copy Postfix SASL configuration
-  copy:
-    src: smtpd.conf
-    dest: /etc/postfix/sasl/smtpd.conf
-    mode: "0644"
-    owner: root
-    group: root
-  tags:
-    - role::sasl
-  notify:
-    - Reload postfix
-
 - name: Update SASL authentication daemon preferences
   lineinfile:
     path: /etc/default/saslauthd
@@ -55,13 +43,24 @@
   notify:
     - Reload SASL
 
-- name: Add Postfix to SASL group
-  user:
-    name: postfix
-    groups: sasl
-    append: true
+# BEGIN temporary tasks. Can be removed after initial deploy.
+- name: Remove Postfix from SASL group
+  command: "gpasswd -d postfix sasl"
+  register: command_result
+  changed_when: "not 'is not a member of' in command_result.stderr"
+  failed_when: false
+  tags:
+    - role::sasl
+
+- name: Remove Postfix SASL configuration
+  file:
+    path: /etc/postfix/sasl/smtpd.conf
+    state: absent
   tags:
     - role::sasl
+  notify:
+    - Reload postfix
+# END temporary tasks. Can be removed after initial deploy.
 
 - name: Enable and start SASL authentication daemon
   service: