--- - name: Install postfix & tools package: name: # Postfix & routing plugins - postfix - postfix-ldap # RegExp based lookup tables - postfix-pcre # Relay routing utilities - postsrsd # Security and anti-spam tools - postfix-policyd-spf-python # Mail scripting utilities - mblaze - at state: present tags: - role::postfix - name: Configure /etc/mailname to mail hostname copy: content: "{{ postfix_mailname }}\n" dest: /etc/mailname owner: root group: root mode: "0644" tags: - role::postfix notify: - Reload postfix - name: Template Postfix main.cf config file template: src: main.cf.j2 dest: /etc/postfix/main.cf owner: root group: root mode: "0644" tags: - role::postfix notify: - Reload postfix - name: Template Postfix LDAP config files template: src: "{{ item.template }}" dest: "/etc/postfix/{{ item.filename }}" owner: root group: root mode: "0644" loop: - template: ldap/ldap-registeredaddress.cf.j2 filename: ldap-registeredaddress.cf - template: ldap/ldap-uid.cf.j2 filename: ldap-uid.cf - template: ldap/ldap-relay-recipients.cf.j2 filename: ldap-relay-recipients.cf - template: ldap/ldap-group-aliases.cf.j2 filename: ldap-group-aliases.cf - template: ldap/ldap-service-mail.cf.j2 filename: ldap-service-mail.cf tags: - role::postfix notify: - Reload postfix - name: Copy virtual address table template: src: virtual.j2 dest: /etc/postfix/virtual owner: root group: root mode: "0644" tags: - role::postfix notify: - Regenerate virtual table - Reload postfix - name: Copy policyd-spf config copy: src: policyd-spf.conf dest: /etc/postfix-policyd-spf-python/policyd-spf.conf mode: "0644" group: root owner: root tags: - role::postfix notify: - Restart postfix - name: Template sender canonical map lookup template: src: sender-canonical-maps.j2 dest: /etc/postfix/sender-canonical-maps mode: "0644" group: root owner: root tags: - role::postfix - name: Create Postfix service directory file: path: "/etc/postfix/service-scripts" owner: root group: servicemailer mode: "0755" state: directory tags: - role::postfix - name: Template Postfix automated scripts template: src: "{{ item }}" dest: "/etc/postfix/service-scripts/{{ item | basename | splitext | first }}" mode: "0754" owner: root group: servicemailer loop_control: label: "{{ item | basename | splitext | first }}" with_fileglob: "../templates/services/*" tags: - role::postfix - role::postfix::service-scripts - name: Template Postfix mail transport map template: src: transport.j2 dest: /etc/postfix/transport mode: "0644" owner: root group: root tags: - role::postfix notify: Regenerate transport table - name: Copy Postfix sender access list copy: src: sender_access dest: /etc/postfix/sender_access mode: "0644" owner: root group: root tags: - role::postfix notify: Regenerate sender access table - name: Template Postfix submission header checks template: src: header-checks-submission.j2 dest: /etc/postfix/header-checks-submission mode: "0o444" owner: root group: root notify: - Reload postfix tags: - role::postfix - name: Update PostSRSD rewriting config lineinfile: path: /etc/default/postsrsd regexp: "^#?{{ item['key'] }}=" line: '{{ item["key"] }}="{{ item["value"] }}"' mode: "0444" owner: root group: root loop: - key: SRS_EXCLUDE_DOMAINS value: "{{ postfix_destination_domains | join(',') }}" tags: - role::postfix notify: - Restart postsrsd - name: Pass inbound mail through spamassassin content filter lineinfile: path: /etc/postfix/master.cf insertafter: "smtp inet n - y - - smtpd" line: " -o content_filter=spamassassin" tags: - role::postfix notify: - Restart postfix - name: Add custom services to master.cf blockinfile: path: /etc/postfix/master.cf append_newline: true prepend_newline: true block: | policyd-spf unix - n n - 0 spawn user=policyd-spf argv=/usr/bin/policyd-spf submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_tls_wrappermode=no -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o cleanup_service_name=authcleanup smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth cleanup-srs unix n - - - 0 cleanup -o syslog_name=postfix/cleanup/optional-srs -o sender_canonical_maps=pcre:/etc/postfix/sender-canonical-maps,tcp:127.0.0.1:10001 -o sender_canonical_classes=envelope_sender 127.0.0.1:10027 inet n - y - - smtpd -o syslog_name=postfix/cleanup/optional-srs -o smtpd_milters= -o cleanup_service_name=cleanup-srs -o smtpd_tls_security_level=none -o content_filter=smtp: -o smtpd_recipient_restrictions=permit_mynetworks,reject # spamassassin filtering spamassassin unix - n n - - pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} # authenticated submission cleanup authcleanup unix n - y - 0 cleanup -o header_checks=pcre:/etc/postfix/header-checks-submission -o nested_header_checks= # Service Mail pipes fortune-pipe unix - n n - - pipe flags=Fq user=servicemailer argv=/usr/bin/nice /etc/postfix/service-scripts/fortune-reply.sh fredrick-pipe unix - n n - - pipe flags=Fq user=servicemailer argv=/usr/bin/nice /etc/postfix/service-scripts/fredrick-reply.sh tags: - role::postfix - role::postfix::service-scripts notify: - Restart postfix