From ca315bf9c292d4757b67a86117e3182c1b0dd680 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Fri, 12 Dec 2014 14:28:47 +0100
Subject: Import postfix/mailman from rad
---
roles/postfix/defaults/main.yml | 6 +++
roles/postfix/files/aliases | 5 +++
roles/postfix/files/smtpd.sasl.conf | 3 ++
roles/postfix/handlers/main.yml | 15 +++++++
roles/postfix/tasks/main.yml | 75 ++++++++++++++++++++++++++++++++
roles/postfix/templates/aliases.local | 4 ++
roles/postfix/templates/aliases.users | 5 +++
roles/postfix/templates/local_recipient | 4 ++
roles/postfix/templates/main.cf | 76 +++++++++++++++++++++++++++++++++
roles/postfix/templates/virtual_gid | 1 +
roles/postfix/templates/virtual_mailbox | 5 +++
roles/postfix/templates/virtual_uid | 2 +
12 files changed, 201 insertions(+)
create mode 100644 roles/postfix/defaults/main.yml
create mode 100644 roles/postfix/files/aliases
create mode 100644 roles/postfix/files/smtpd.sasl.conf
create mode 100644 roles/postfix/handlers/main.yml
create mode 100644 roles/postfix/tasks/main.yml
create mode 100644 roles/postfix/templates/aliases.local
create mode 100644 roles/postfix/templates/aliases.users
create mode 100644 roles/postfix/templates/local_recipient
create mode 100644 roles/postfix/templates/main.cf
create mode 100644 roles/postfix/templates/virtual_gid
create mode 100644 roles/postfix/templates/virtual_mailbox
create mode 100644 roles/postfix/templates/virtual_uid
(limited to 'roles/postfix')
diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml
new file mode 100644
index 0000000..4ce4f0a
--- /dev/null
+++ b/roles/postfix/defaults/main.yml
@@ -0,0 +1,6 @@
+locals_users: []
+use_tls: True
+use_sasl: False
+use_local: False
+postfix_key: /etc/pki/tls/private/postfix.key
+postfix_cert: /etc/pki/tls/certs/postfix.pem
diff --git a/roles/postfix/files/aliases b/roles/postfix/files/aliases
new file mode 100644
index 0000000..3f03455
--- /dev/null
+++ b/roles/postfix/files/aliases
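Review bot: `locals_users: []` on the first line of the hunk looks like a typo for `local_users`: tasks/main.yml and the aliases.local, local_recipient and virtual_mailbox templates in this patch all read `local_users`, so the default never applies, and because the task that renders aliases.local runs without a `when`, a host where the caller has not defined `local_users` should fail that template with an undefined-variable error. Rename the key to `local_users: []`. The `True`/`False` values parse as booleans under Ansible's YAML 1.1 loader, but lowercase `true`/`false` is the conventional spelling and is what yamllint's truthy rule expects.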
@@ -0,0 +1,5 @@
+# Basic system aliases -- these MUST be present.
+# Ansible managed file, do not edit
+# use postfix_aliases variable instead
+mailer-daemon: postmaster
+postmaster: root
diff --git a/roles/postfix/files/smtpd.sasl.conf b/roles/postfix/files/smtpd.sasl.conf
new file mode 100644
index 0000000..250057e
--- /dev/null
+++ b/roles/postfix/files/smtpd.sasl.conf
@@ -0,0 +1,3 @@
+pwcheck_method: auxprop
+auxprop_plugin: sasldb
+mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
new file mode 100644
index 0000000..ad944ce
--- /dev/null
+++ b/roles/postfix/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: rebuild aliases
+ command: newaliases
+
+- name: restart postfix
+ service: name=postfix state=restarted
+
+- name: update postfix aliases
+ command: postalias /etc/postfix/aliases.{{ item }}
+ with_items:
+ - local
+ - users
+
+- name: update postfix maps
+ command: postmap /etc/postfix/local_recipient
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
new file mode 100644
index 0000000..9fd4d61
--- /dev/null
+++ b/roles/postfix/tasks/main.yml
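Review bot: `mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5` enables two MD5-based challenge mechanisms that are obsolete (DIGEST-MD5 was moved to historic status by RFC 6331) and buy nothing here, because main.cf in this patch sets `smtpd_tls_auth_only = yes`, so PLAIN and LOGIN are only ever offered inside TLS. Trimming the line to `mech_list: PLAIN LOGIN` drops the weak mechanisms without losing client support worth keeping. With `auxprop_plugin: sasldb` the secrets that shared-secret mechanisms need live in /etc/sasldb2, so the `mode=0640` that tasks/main.yml sets on that file is the control that actually protects the credential in this configuration.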
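Review bot: The tasks file in this patch notifies `restart saslauthd` from the smtpd.sasl.conf copy task, but no handler of that name is defined in this hunk, so the first run on which that copy changes should abort with an unknown-handler error. Since smtpd.sasl.conf uses `pwcheck_method: auxprop` with sasldb, saslauthd is never consulted, and the cleanest fix is to drop that notify rather than add a handler for a daemon the role does not configure. If a handler is added anyway, `service: name=saslauthd state=restarted` belongs here next to the postfix one so the two restart handlers are kept together.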
@@ -0,0 +1,75 @@
+---
+- yum: name={{ item }} state=installed
+ with_items:
+ - postfix
+
+- set_fact: use_sasl=True
+ when: sasl_user is defined and sasl_pass is defined
+
+- set_fact: use_tls=True
+ when: use_sasl == True
+
+- set_fact: use_local=True
+ when: local_users is defined
+
+- service: name=postfix state=started enabled=yes
+
+- template: dest=/etc/postfix/main.cf src=main.cf
+ notify: restart postfix
+
+- copy: dest=/etc/aliases src=aliases
+ notify: rebuild aliases
+
+- template: dest=/etc/postfix/aliases.{{ item }} src=aliases.{{ item }}
+ notify: update postfix aliases
+ with_items:
+ - users
+ - local
+
+- shell: lokkit -s {{ item }}
+ with_items:
+ - smtp
+ when: ansible_distribution_major_version == '6' and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')
+
+- firewalld: service={{ item }} permanent=true state=enabled
+ with_items:
+ - smtp
+ when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'
+
+- shell: create={{ postfix_cert }} openssl req -x509 -newkey rsa:2048 -keyout {{ postfix_key }} -out {{ postfix_cert }} -days 3650 -nodes -subj '/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc./OU=OSAS/CN={{ ansible_domain }}/emailAddress=postmaster@{{ ansible_domain }}'
+ when: use_tls
+# TODO enforce proper permission on cert + selinux
+
+- group: name=mail
+ register: mail_group
+
+- user: name=nobody
+ register: nobody_user
+ when: use_local
+
+- file: state=directory path=/var/mail/discourse{{ item }} owner={{ nobody_user.uid }} group={{ mail_group.gid }}
+ with_items:
+ - /
+ - /cur
+ - /tmp
+ - /new
+ when: use_local
+
+- template: src={{ item }} dest=/etc/postfix/{{ item }}
+ notify: update postfix maps
+ with_items:
+ - local_recipient
+ when: use_local
+
+
+- copy: src=smtpd.sasl.conf dest=/etc/sasl2/smtpd.conf
+ when: use_sasl
+# TODO check if needed
+ notify: restart saslauthd
+
+- shell: echo {{ sasl_pass }} | saslpasswd2 -a smtpd -u {{ ansible_domain }} -c {{ sasl_user }} -p
+ when: 
use_sasl
+
+- file: path=/etc/sasldb2 owner=root group=mail mode=0640
+ when: use_sasl
+
diff --git a/roles/postfix/templates/aliases.local b/roles/postfix/templates/aliases.local
new file mode 100644
index 0000000..9b23aec
--- /dev/null
+++ b/roles/postfix/templates/aliases.local
@@ -0,0 +1,4 @@
+{% for item in local_users %}
+{{ item }}: /var/mail/{{ item }}/
+{% endfor %}
+
diff --git a/roles/postfix/templates/aliases.users b/roles/postfix/templates/aliases.users
new file mode 100644
index 0000000..20ef480
--- /dev/null
+++ b/roles/postfix/templates/aliases.users
@@ -0,0 +1,5 @@
+{% for item in postfix_aliases %}
+{{ item.alias }}: {% if item.mail is string %} {{ item.mail }}
+{% else %} {{ item.mail |join(',') }}
+{% endif %}
+{% endfor %}
diff --git a/roles/postfix/templates/local_recipient b/roles/postfix/templates/local_recipient
new file mode 100644
index 0000000..39d554e
--- /dev/null
+++ b/roles/postfix/templates/local_recipient
@@ -0,0 +1,4 @@
+{% for item in local_users %}
+{{ item }} OK
+{% endfor %}
+
diff --git a/roles/postfix/templates/main.cf b/roles/postfix/templates/main.cf
new file mode 100644
index 0000000..22546d1
--- /dev/null
+++ b/roles/postfix/templates/main.cf
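Review bot: The `shell: echo {{ sasl_pass }} | saslpasswd2 ...` task near the end of the hunk puts the SASL password on a shell command line, where it is typically visible in the process table while the command runs and, since nothing sets `no_log`, is printed in Ansible's task output and any play log; it also has no `creates`/`changed_when`, so it rewrites the entry and reports changed on every run. Add `no_log: true` to that task and pass `sasl_user` and `ansible_domain` through the `quote` filter before they are interpolated into the shell line (the `lokkit -s {{ item }}` and openssl tasks interpolate variables the same way and would benefit from the same filter). The openssl task's `# TODO enforce proper permission on cert` is best closed in the same change with a `file` task that sets `mode=0600` on `{{ postfix_key }}`, mirroring what the hunk already does for /etc/sasldb2. Two smaller defects: the smtpd.sasl.conf copy notifies `restart saslauthd`, for which this patch defines no handler, and `file: state=directory path=/var/mail/discourse{{ item }}` hard-codes `discourse` although aliases.local delivers to `/var/mail/{{ item }}/` for every entry of `local_users`, so only that one maildir is ever created. The `when: use_sasl` of the saslpasswd2 task is split across the hunk's last two page lines by the formatting; read as one line it is fine.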
@@ -0,0 +1,76 @@
+queue_directory = /var/spool/postfix
+command_directory = /usr/sbin
+daemon_directory = /usr/libexec/postfix
+data_directory = /var/lib/postfix
+mail_owner = postfix
+
+inet_interfaces = all
+inet_protocols = all
+
+
+mydestination = $myhostname,
+ localhost.$mydomain,
+ localhost,
+ {{ ansible_domain }},
+ {{ mailman_prefix | default('') }}
+
+unknown_local_recipient_reject_code = 550
+
+# ALIAS DATABASE
+#
+# The alias_maps parameter specifies the list of alias databases used
+# by the local delivery agent. The default list is system dependent.
+#
+# On systems with NIS, the default is to search the local alias
+# database, then the NIS alias database. See aliases(5) for syntax
+# details.
+#
+# If you change the alias database, run "postalias /etc/aliases" (or
+# wherever your system stores the mail alias file), or simply run
+# "newaliases" to build the necessary DBM or DB file.
+#
+# It will take a minute or so before changes become visible. Use
+# "postfix reload" to eliminate the delay.
+#
+#alias_maps = dbm:/etc/aliases
+alias_maps = hash:/etc/aliases,
+{% if use_local == True %}
+ hash:/etc/postfix/aliases.local,
+{% endif %}
+ hash:/etc/postfix/aliases.mailman_default,
+ hash:/etc/postfix/aliases.mailman,
+ hash:/etc/postfix/aliases.users
+
+
+{% if use_local == True %}
+local_recipient_maps = hash:/etc/postfix/local_recipient, $alias_maps
+{% endif %}
+
+recipient_delimiter = + + +debug_peer_level = 2
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+{% if use_tls == True %}
+smtpd_tls_cert_file={{ postfix_cert }}
+smtpd_tls_key_file={{ postfix_key }}
+smtpd_use_tls=yes
+{% endif %}
+
+{% if use_sasl == True %}
+smtpd_tls_auth_only = yes
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_application_name = smtpd
+smtpd_sasl_local_domain = {{ ansible_domain }}
+{% endif %}
+
+smtp_use_tls = yes
+
+sendmail_path = /usr/sbin/sendmail.postfix
+newaliases_path = /usr/bin/newaliases.postfix
+mailq_path = /usr/bin/mailq.postfix
+setgid_group = postdrop
+
diff --git a/roles/postfix/templates/virtual_gid b/roles/postfix/templates/virtual_gid
new file mode 100644
index 0000000..62f452c
--- /dev/null
+++ b/roles/postfix/templates/virtual_gid
@@ -0,0 +1 @@
+@{{ ansible_domain }} {{ mail_group.gid }}
diff --git a/roles/postfix/templates/virtual_mailbox b/roles/postfix/templates/virtual_mailbox
new file mode 100644
index 0000000..ced3f62
--- /dev/null
+++ b/roles/postfix/templates/virtual_mailbox
@@ -0,0 +1,5 @@
+# user@{{ ansible_domain }} user
+{% for item in local_users %}
+{{ item }}@{{ ansible_domain }} {{ item }}
+{% endfor %}
+
diff --git a/roles/postfix/templates/virtual_uid b/roles/postfix/templates/virtual_uid
new file mode 100644
index 0000000..8ac4140
--- /dev/null
+++ b/roles/postfix/templates/virtual_uid
@@ -0,0 +1,2 @@
+# @manageiq.org 97
+@{{ ansible_domain }} {{ dovecot_user.uid }}
-- cgit
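Review bot: `alias_maps` names `hash:/etc/postfix/aliases.mailman_default` and `hash:/etc/postfix/aliases.mailman`, but nothing in this patch creates those files or runs postalias on them (the handler covers only aliases.local and aliases.users), so unless the mailman role is guaranteed to have deployed them first, local delivery will hit a missing-table error; either wrap them in a `{% if %}` like the aliases.local entry or make that ordering explicit in the playbook. `smtpd_use_tls=yes` is the pre-2.3 spelling of opportunistic TLS — `smtpd_tls_security_level = may` (and `smtp_tls_security_level = may` in place of `smtp_use_tls = yes`) is the current form — and with `inet_interfaces = all` and no `mynetworks` set, the relay policy rests entirely on Postfix's defaults; an explicit `mynetworks = 127.0.0.0/8 [::1]/128` records the intent. `smtpd_tls_key_file={{ postfix_key }}` points at a key whose file mode the generating task in tasks/main.yml leaves to a TODO, so this template is only as private as that task makes it. The `recipient_delimiter` line is unreadable on the page because of the collapsed formatting; it is worth confirming in the rendered file whether the value is `+` or empty, since the two behave differently for address extensions.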
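Review bot: The `virtual_gid` template — and the `virtual_mailbox` and `virtual_uid` templates in the two hunks after it — is not rendered by any task in tasks/main.yml, and main.cf sets no `virtual_*` parameter that would consume it, so all three are dead files in this import. `virtual_uid` additionally reads `dovecot_user.uid`, which nothing in this role registers (the tasks register only `mail_group` and `nobody_user`), and carries a leftover `# @manageiq.org 97` comment that does not belong to this deployment. Either add the template task and the matching main.cf parameters, or leave the three files out of the import until the virtual-mailbox setup they belong to arrives.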