Diffstat (limited to 'roles/postfix')
-rw-r--r--roles/postfix/defaults/main.yml6
-rw-r--r--roles/postfix/files/aliases5
-rw-r--r--roles/postfix/files/smtpd.sasl.conf3
-rw-r--r--roles/postfix/handlers/main.yml15
-rw-r--r--roles/postfix/tasks/main.yml75
-rw-r--r--roles/postfix/templates/aliases.local4
-rw-r--r--roles/postfix/templates/aliases.users5
-rw-r--r--roles/postfix/templates/local_recipient4
-rw-r--r--roles/postfix/templates/main.cf76
-rw-r--r--roles/postfix/templates/virtual_gid1
-rw-r--r--roles/postfix/templates/virtual_mailbox5
-rw-r--r--roles/postfix/templates/virtual_uid2
12 files changed, 201 insertions, 0 deletions
diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml
new file mode 100644
index 0000000..4ce4f0a
--- /dev/null
+++ b/roles/postfix/defaults/main.yml
@@ -0,0 +1,6 @@
+locals_users: []
+use_tls: True
+use_sasl: False
+use_local: False
+postfix_key: /etc/pki/tls/private/postfix.key
+postfix_cert: /etc/pki/tls/certs/postfix.pem
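Review bot: The default key is spelled `locals_users` while tasks/main.yml tests `when: local_users is defined` and every template iterates `local_users`, so this default is never read. Renaming it to `local_users: []` is the obvious fix, but it would make `local_users is defined` true on every host and switch `use_local` on unconditionally, so the gate in tasks/main.yml would have to become `when: local_users | length > 0` in the same change. The flags should also be written as `use_tls: true`, `use_sasl: false`, `use_local: false` rather than capitalised `True`/`False`, consistent with the bare `when: use_tls` tests in the tasks file.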
diff --git a/roles/postfix/files/aliases b/roles/postfix/files/aliases
new file mode 100644
index 0000000..3f03455
--- /dev/null
+++ b/roles/postfix/files/aliases
@@ -0,0 +1,5 @@
+# Basic system aliases -- these MUST be present.
+# Ansible managed file, do not edit
+# use postfix_aliases variable instead
+mailer-daemon: postmaster
+postmaster: root
diff --git a/roles/postfix/files/smtpd.sasl.conf b/roles/postfix/files/smtpd.sasl.conf
new file mode 100644
index 0000000..250057e
--- /dev/null
+++ b/roles/postfix/files/smtpd.sasl.conf
@@ -0,0 +1,3 @@
+pwcheck_method: auxprop
+auxprop_plugin: sasldb
+mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
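Review bot: `mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5` offers two challenge-response mechanisms that are obsolete (DIGEST-MD5 was moved to Historic by RFC 6331) and that require sasldb to keep each user's password in plaintext so the server can compute the challenge. Since main.cf already sets `smtpd_tls_auth_only = yes`, PLAIN and LOGIN are only ever offered inside TLS, so `mech_list: PLAIN LOGIN` gives the same protection with less attack surface. Note also that `pwcheck_method: auxprop` means saslauthd is never consulted, which bears on the `notify: restart saslauthd` in tasks/main.yml.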
diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
new file mode 100644
index 0000000..ad944ce
--- /dev/null
+++ b/roles/postfix/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: rebuild aliases
+ command: newaliases
+
+- name: restart postfix
+ service: name=postfix state=restarted
+
+- name: update postfix aliases
+ command: postalias /etc/postfix/aliases.{{ item }}
+ with_items:
+ - local
+ - users
+
+- name: update postfix maps
+ command: postmap /etc/postfix/local_recipient
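Review bot: tasks/main.yml notifies `restart saslauthd` from the smtpd.sasl.conf copy task, but no handler of that name is defined here, so handler resolution fails on any host where `use_sasl` is true (older Ansible releases may instead ignore the notify silently). Because smtpd.sasl.conf selects `pwcheck_method: auxprop` with sasldb, saslauthd is not used at all, so the cleaner fix is to drop that notify and resolve the `# TODO check if needed` comment; otherwise add `- name: restart saslauthd` with `service: name=saslauthd state=restarted` to this file.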
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
new file mode 100644
index 0000000..9fd4d61
--- /dev/null
+++ b/roles/postfix/tasks/main.yml
@@ -0,0 +1,75 @@
+---
+- yum: name={{ item }} state=installed
+ with_items:
+ - postfix
+
+- set_fact: use_sasl=True
+ when: sasl_user is defined and sasl_pass is defined
+
+- set_fact: use_tls=True
+ when: use_sasl == True
+
+- set_fact: use_local=True
+ when: local_users is defined
+
+- service: name=postfix state=started enabled=yes
+
+- template: dest=/etc/postfix/main.cf src=main.cf
+ notify: restart postfix
+
+- copy: dest=/etc/aliases src=aliases
+ notify: rebuild aliases
+
+- template: dest=/etc/postfix/aliases.{{ item }} src=aliases.{{ item }}
+ notify: update postfix aliases
+ with_items:
+ - users
+ - local
+
+- shell: lokkit -s {{ item }}
+ with_items:
+ - smtp
+ when: ansible_distribution_major_version == '6' and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')
+
+- firewalld: service={{ item }} permanent=true state=enabled
+ with_items:
+ - smtp
+ when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'
+
+- shell: create={{ postfix_cert }} openssl req -x509 -newkey rsa:2048 -keyout {{ postfix_key }} -out {{ postfix_cert }} -days 3650 -nodes -subj '/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc./OU=OSAS/CN={{ ansible_domain }}/emailAddress=postmaster@{{ ansible_domain }}'
+ when: use_tls
+# TODO enforce proper permission on cert + selinux
+
+- group: name=mail
+ register: mail_group
+
+- user: name=nobody
+ register: nobody_user
+ when: use_local
+
+- file: state=directory path=/var/mail/discourse{{ item }} owner={{ nobody_user.uid }} group={{ mail_group.gid }}
+ with_items:
+ - /
+ - /cur
+ - /tmp
+ - /new
+ when: use_local
+
+- template: src={{ item }} dest=/etc/postfix/{{ item }}
+ notify: update postfix maps
+ with_items:
+ - local_recipient
+ when: use_local
+
+
+- copy: src=smtpd.sasl.conf dest=/etc/sasl2/smtpd.conf
+ when: use_sasl
+# TODO check if needed
+ notify: restart saslauthd
+
+- shell: echo {{ sasl_pass }} | saslpasswd2 -a smtpd -u {{ ansible_domain }} -c {{ sasl_user }} -p
+ when: use_sasl
+
+- file: path=/etc/sasldb2 owner=root group=mail mode=0640
+ when: use_sasl
+
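Review bot: The `shell: echo {{ sasl_pass }} | saslpasswd2 ...` task prints the password into the task result and the Ansible log, and interpolates `sasl_pass`, `sasl_user` and `ansible_domain` unquoted into a shell pipeline, so a value containing a shell metacharacter alters the command. Add `no_log: true` to the task and pass each value through the quote filter, e.g. `shell: echo {{ sasl_pass | quote }} | saslpasswd2 -a smtpd -u {{ ansible_domain | quote }} -c {{ sasl_user | quote }} -p`. The task also reports changed on every run; a `changed_when` expression or a guard that checks the existing sasldb entry would make it idempotent. The `# TODO enforce proper permission on cert + selinux` left after the openssl task should be closed with an explicit `file: path={{ postfix_key }} owner=root mode=0600` task rather than relying on whatever mode openssl's default gives the private key.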
diff --git a/roles/postfix/templates/aliases.local b/roles/postfix/templates/aliases.local
new file mode 100644
index 0000000..9b23aec
--- /dev/null
+++ b/roles/postfix/templates/aliases.local
@@ -0,0 +1,4 @@
+{% for item in local_users %}
+{{ item }}: /var/mail/{{ item }}/
+{% endfor %}
+
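Review bot: Every alias here delivers to the maildir `/var/mail/{{ item }}/`, but the only directories tasks/main.yml creates are `/var/mail/discourse` and its `cur`/`tmp`/`new` subdirectories, so for any entry of `local_users` other than `discourse` the delivery target does not exist. The `file:` task in tasks/main.yml should derive its path from `local_users` as well, for example by iterating `with_nested` over the user list and the four subdirectory suffixes, or the hard-coded `discourse` should be documented as deliberate.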
diff --git a/roles/postfix/templates/aliases.users b/roles/postfix/templates/aliases.users
new file mode 100644
index 0000000..20ef480
--- /dev/null
+++ b/roles/postfix/templates/aliases.users
@@ -0,0 +1,5 @@
+{% for item in postfix_aliases %}
+{{ item.alias }}: {% if item.mail is string %} {{ item.mail }}
+{% else %} {{ item.mail |join(',') }}
+{% endif %}
+{% endfor %}
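Review bot: `postfix_aliases` is iterated without a default, defaults/main.yml does not declare it, and the task in tasks/main.yml that renders this template has no `when:` guard, so the play fails on an undefined variable unless every inventory sets it. Either add `postfix_aliases: []` to defaults/main.yml or write `{% for item in postfix_aliases | default([]) %}` here, so that the `alias_maps` entry for aliases.users in main.cf always has a file behind it.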
diff --git a/roles/postfix/templates/local_recipient b/roles/postfix/templates/local_recipient
new file mode 100644
index 0000000..39d554e
--- /dev/null
+++ b/roles/postfix/templates/local_recipient
@@ -0,0 +1,4 @@
+{% for item in local_users %}
+{{ item }} OK
+{% endfor %}
+
diff --git a/roles/postfix/templates/main.cf b/roles/postfix/templates/main.cf
new file mode 100644
index 0000000..22546d1
--- /dev/null
+++ b/roles/postfix/templates/main.cf
@@ -0,0 +1,76 @@
+queue_directory = /var/spool/postfix
+command_directory = /usr/sbin
+daemon_directory = /usr/libexec/postfix
+data_directory = /var/lib/postfix
+mail_owner = postfix
+
+inet_interfaces = all
+inet_protocols = all
+
+
+mydestination = $myhostname,
+ localhost.$mydomain,
+ localhost,
+ {{ ansible_domain }},
+ {{ mailman_prefix | default('') }}
+
+unknown_local_recipient_reject_code = 550
+
+# ALIAS DATABASE
+#
+# The alias_maps parameter specifies the list of alias databases used
+# by the local delivery agent. The default list is system dependent.
+#
+# On systems with NIS, the default is to search the local alias
+# database, then the NIS alias database. See aliases(5) for syntax
+# details.
+#
+# If you change the alias database, run "postalias /etc/aliases" (or
+# wherever your system stores the mail alias file), or simply run
+# "newaliases" to build the necessary DBM or DB file.
+#
+# It will take a minute or so before changes become visible. Use
+# "postfix reload" to eliminate the delay.
+#
+#alias_maps = dbm:/etc/aliases
+alias_maps = hash:/etc/aliases,
+{% if use_local == True %}
+ hash:/etc/postfix/aliases.local,
+{% endif %}
+ hash:/etc/postfix/aliases.mailman_default,
+ hash:/etc/postfix/aliases.mailman,
+ hash:/etc/postfix/aliases.users
+
+
+{% if use_local == True %}
+local_recipient_maps = hash:/etc/postfix/local_recipient, $alias_maps
+{% endif %}
+
+recipient_delimiter = +
+
+
+debug_peer_level = 2
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+{% if use_tls == True %}
+smtpd_tls_cert_file={{ postfix_cert }}
+smtpd_tls_key_file={{ postfix_key }}
+smtpd_use_tls=yes
+{% endif %}
+
+{% if use_sasl == True %}
+smtpd_tls_auth_only = yes
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_application_name = smtpd
+smtpd_sasl_local_domain = {{ ansible_domain }}
+{% endif %}
+
+smtp_use_tls = yes
+
+sendmail_path = /usr/sbin/sendmail.postfix
+newaliases_path = /usr/bin/newaliases.postfix
+mailq_path = /usr/bin/mailq.postfix
+setgid_group = postdrop
+
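Review bot: `alias_maps` unconditionally lists `hash:/etc/postfix/aliases.mailman_default` and `hash:/etc/postfix/aliases.mailman`, but nothing in this role creates or postaliases those files, so on a host without the (presumably separate) mailman role local delivery fails with a missing alias database; guard those two lines the way aliases.local is guarded, e.g. with `{% if mailman_prefix is defined %}`. The TLS stanza uses `smtpd_use_tls=yes` and `smtp_use_tls = yes`, which have been superseded since Postfix 2.3; `smtpd_tls_security_level = may` and `smtp_tls_security_level = may` are the current equivalents and make the intended opportunistic-TLS policy explicit.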
diff --git a/roles/postfix/templates/virtual_gid b/roles/postfix/templates/virtual_gid
new file mode 100644
index 0000000..62f452c
--- /dev/null
+++ b/roles/postfix/templates/virtual_gid
@@ -0,0 +1 @@
+@{{ ansible_domain }} {{ mail_group.gid }}
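Review bot: This template, along with virtual_mailbox and virtual_uid, is not rendered by any task in tasks/main.yml, so the three files are dead in this commit. virtual_uid additionally reads `dovecot_user.uid`, which nothing in this role registers, and this file reads `mail_group.gid`, a fact registered in tasks/main.yml and so unavailable to a template rendered from anywhere else; either wire the templates into the tasks with the required registered facts in scope, or leave them out until the dovecot dependency exists.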
diff --git a/roles/postfix/templates/virtual_mailbox b/roles/postfix/templates/virtual_mailbox
new file mode 100644
index 0000000..ced3f62
--- /dev/null
+++ b/roles/postfix/templates/virtual_mailbox
@@ -0,0 +1,5 @@
+# user@{{ ansible_domain }} user
+{% for item in local_users %}
+{{ item }}@{{ ansible_domain }} {{ item }}
+{% endfor %}
+
diff --git a/roles/postfix/templates/virtual_uid b/roles/postfix/templates/virtual_uid
new file mode 100644
index 0000000..8ac4140
--- /dev/null
+++ b/roles/postfix/templates/virtual_uid
@@ -0,0 +1,2 @@
+# @manageiq.org 97
+@{{ ansible_domain }} {{ dovecot_user.uid }}