ansible-role-postfix/defaults/main.yml


---
# Role toggle. Package installation defaults to the same value.
postfix_enabled: true
postfix_install_packages: "{{ postfix_enabled }}"
# Packages for the relay setup, one list per distribution family
# (presumably RedHat-like and Debian-like hosts - confirm in the tasks).
postfix_relay_rh_pkgs:
- 'postfix'
- 'cyrus-sasl-lib'
- 'cyrus-sasl-plain'
- 'cyrus-sasl-md5'
postfix_relay_deb_pkgs:
- 'postfix'
- 'libsasl2-2'
#############################################################################
# Set these to true when you want to configure the machine to send email
# through a relay
#############################################################################
postfix_relay_client: false
postfix_use_relay_host: "{{ postfix_relay_client }}"
# The quoted yes/no values are literal strings. Keep the quotes: unquoted,
# a YAML 1.1 loader would turn them into booleans.
postfix_biff: 'no'
postfix_append_dot_mydomain: 'no'
postfix_smtp_helo_required: 'yes'
postfix_helo_restrictions: true
postfix_smtp_delay_reject: 'yes'
# Presumably feeds Postfix's disable_vrfy_command, which stops clients from
# probing for valid addresses with VRFY - verify in the main.cf template.
postfix_smtp_disable_vrfy: 'yes'
# TLS material. 'intermediate' presumably selects a cipher/protocol profile in
# the role's templates - confirm which Postfix parameters it expands to.
postfix_use_letsencrypt: false
postfix_tls_encryption_level: "intermediate"
postfix_tls_dhparam_size: 2048
postfix_tls_dhparam_file: '/etc/postfix/dhparam.pem'
# Server side (smtpd). Accepted values: none, may, encrypt
# 'encrypt' makes STARTTLS mandatory for connecting clients. That suits relay
# and submission listeners; a public MX on port 25 normally has to stay at
# 'may', otherwise senders that cannot negotiate TLS are turned away.
postfix_smtpd_tls_security_level: 'encrypt'
# Client side (smtp). Accepted values: none, may, encrypt, fingerprint, verify,
# secure. And from 2.11: dane, dane-only
# 'may' is opportunistic: delivery falls back to cleartext when the peer does
# not offer STARTTLS. On a relay client that authenticates to its relay host,
# raise this to 'encrypt' or stricter so credentials only travel inside TLS.
postfix_smtp_tls_security_level: 'may'
# SASL authentication of this host towards the relay.
postfix_use_sasl_auth: true
postfix_smtp_sasl_auth_enable: 'yes'
postfix_smtp_create_relay_user: true
# Options: noanonymous, noplaintext
# Only 'noanonymous' is set, so plaintext mechanisms are permitted whether or
# not the session is encrypted (the TLS variant below copies this value), and
# the mechanism filter admits only PLAIN and LOGIN. Together with
# postfix_smtp_tls_security_level: may the relay password can be sent in
# cleartext. To confine plaintext mechanisms to TLS sessions, set this to
# 'noplaintext, noanonymous' and override the TLS variant with 'noanonymous',
# or require TLS on the client side.
postfix_smtp_sasl_security_options: 'noanonymous'
postfix_smtp_sasl_tls_security_options: "{{ postfix_smtp_sasl_security_options }}"
postfix_smtp_sasl_mechanism_filter: 'plain, login'
# Set it in your vars files
#postfix_relay_host: smtp-relay.example.com
postfix_relay_port: 587
#postfix_smtp_relay_user: smtp-user
# The relay account name defaults to the host's FQDN.
postfix_smtp_relay_user: "{{ ansible_fqdn }}"
# The password has no default here; define it only in a vault-encrypted file.
#postfix_smtp_relay_pwd: 'set_you_password_here_in_a_vault_encrypted_file'
postfix_smtpd_reject_unknown_helo_hostname: false
postfix_reject_unknown_sender_domain: true
#############################################################################
# Relay server: accepts authenticated clients
#############################################################################
postfix_relay_server: false
#
# Milter (mail filter) integration; every milter is off by default.
postfix_use_milter: false
postfix_milter_connect_timeout: "30s"
postfix_milter_command_timeout: "30s"
postfix_milter_content_timeout: "300s"
postfix_spamassassin_milter: false
postfix_spamassassin_milter_socket: "unix:/run/spamass-milter/postfix/sock"
postfix_clamav_milter: false
# TCP alternative to the unix socket: inet:[127.0.0.1]:7357
postfix_clamav_milter_socket: "unix:/run/clamav-milter/clamav-milter.socket"
# Specify accept, reject, tempfail, quarantine
# Presumably rendered as Postfix's milter_default_action, i.e. what happens
# when a milter is unreachable or fails (verify in the template). 'tempfail'
# defers the message; 'accept' would let unscanned mail through.
postfix_milter_action: 'tempfail'
#############################################################################
# SMTP server that does not accept authenticated clients.
#############################################################################
postfix_smtpd_server: false
# Postfix evaluates restrictions in list order. permit_mynetworks comes first,
# so a client matched by mynetworks skips every check below it; for everyone
# else reject_unauth_destination is the entry that prevents open relaying.
# Keep both properties when overriding the list.
postfix_smtpd_server_restrictions:
- 'permit_mynetworks'
- 'reject_unknown_recipient_domain'
- 'reject_non_fqdn_recipient'
- 'reject_unauth_destination'
- 'reject_unauth_pipelining'
- 'reject_unlisted_recipient'
#############################################################################
# SMTP server that routes emails coming from outside
#############################################################################
postfix_mx_server: false
# No permit_* entry in this list: every client goes through all the checks.
# reject_unauth_destination keeps the MX from relaying to foreign domains, so
# retain it in any override.
postfix_smtpd_mx_client_restrictions:
- 'reject_unknown_sender_domain'
- 'reject_non_fqdn_sender'
- 'reject_non_fqdn_recipient'
- 'reject_invalid_hostname'
- 'reject_unauth_destination'
- 'reject_unknown_recipient_domain'
- 'reject_unlisted_recipient'
#############################################################################
# SMTP sender restrictions
#############################################################################
postfix_smtpd_sender_restrictions: true
# Off by default, with an empty login map. NOTE(review): on servers that accept
# authenticated clients, enabling the mismatch check together with a populated
# login map is what stops an authenticated user from sending as another
# address - confirm how the templates combine the two settings.
postfix_reject_sender_login_mismatch: false
postfix_smtpd_sender_login_maps: []
postfix_smtpd_additional_sender_restrictions: []
#############################################################################
# SMTP submission server: accepts authenticated clients
#############################################################################
postfix_submission_server: false
# Enable only on submission servers, and only if needed.
postfix_add_missing_headers: false
###########################################################################################
# The following options are used when acting as a relay or as a general purpose SMTP server
###########################################################################################
# The interface list is presumably applied only when the toggle is true
# (verify in the templates). 'all' binds every address of the host; narrow it
# on machines that should not accept mail from the network.
postfix_use_inet_interfaces: false
postfix_inet_interfaces:
- 'all'
postfix_inet_protocols:
- 'all'
postfix_proxy_interfaces_enabled: false
postfix_proxy_interfaces:
- '127.0.0.1'
# Maximum message size, in bytes.
postfix_message_size_limit: 10240000
# saslauthd packages per distribution family, and the daemon's settings.
postfix_sasl_deb_packages:
- 'sasl2-bin'
postfix_sasl_rh_packages:
- 'cyrus-sasl'
# Authentication mechanism handed to saslauthd; 'pam' by default.
postfix_saslauthd_mech: "pam"
postfix_saslauthd_flags: ""
postfix_saslauthd_conf_file: "/etc/saslauthd.conf"
#
# saslauthd LDAP backend settings.
postfix_sasl_ldap_servers: 'ldap://localhost'
postfix_sasl_ldap_bind_dn: 'cn=saslauthd,ou=dsa,dc=example,dc=com'
# postfix_sasl_ldap_bind_pw: set inside a vault file
postfix_sasl_ldap_timeout: 10
postfix_sasl_ldap_time_limit: 10
postfix_sasl_ldap_scope: 'sub'
postfix_sasl_ldap_search_base: 'ou=people,dc=example,dc=com'
postfix_sasl_ldap_auth_method: 'bind'
postfix_sasl_ldap_filter: '(&(uid=%u)(mail=*))'
postfix_sasl_ldap_debug: 0
# NOTE(review): the four values below are unquoted, so a YAML 1.1 loader (the
# kind Ansible uses) reads them as booleans, not as the words off/no/yes. If
# the saslauthd template interpolates them directly it prints True/False; the
# quoted "yes"/"no" style used for the Postfix settings in this file avoids
# that. Confirm against the template before quoting them.
postfix_sasl_ldap_verbose: off
postfix_sasl_ldap_ssl: no
# With ssl off and an ldap:// URL, StartTLS is the only transport protection
# for the bind password and the credentials being checked. Keep it enabled (or
# switch to ldaps) whenever the directory is not on localhost.
postfix_sasl_ldap_starttls: yes
postfix_sasl_ldap_referrals: no
#
# Local delivery, LMTP hand-off and transport maps.
postfix_use_domain_name: false
postfix_virtual_transport_enabled: false
postfix_virtual_transport_protocol: "lmtp"
postfix_lmtp_protocol: "inet"
# The LMTP endpoint defaults to the loopback address.
postfix_lmtp_host: "127.0.0.1"
postfix_lmtp_port: 24
postfix_delivery_soft_bounce: false
postfix_recipient_delimiter: "+"
postfix_local_recipients: false
postfix_transport_map_enabled: false
postfix_transport_maps:
- "hash:/etc/postfix/transport"
postfix_transport_data: []
#
# Example:
# postfix_transport_data:
# - { domain: 'example.com', action: 'smtp:[dest.smtp.example.com]:25' }
# DNS blocklist lookups, enabled by default.
postfix_rbl_enabled: true
postfix_rbl_list: "zen.spamhaus.org"
postfix_spamhaus_dbl_enabled: true
# mynetworks is the set of clients that permit_mynetworks trusts, so keep the
# data as narrow as possible.
# NOTE(review): a hash: table is presumably looked up by exact key, in which
# case the 127.0.0.0/8 entry never matches and only 127.0.0.1 takes effect; a
# cidr: table is the type that understands network/mask notation - verify.
postfix_mynetworks: 'hash:/etc/postfix/network_table'
postfix_mynetworks_data:
- "127.0.0.0/8"
- "127.0.0.1"
# Alias and virtual domain/mailbox lookup tables.
postfix_alias_maps:
- "hash:/etc/aliases"
# The alias databases default to the alias maps list.
postfix_alias_databases: "{{ postfix_alias_maps }}"
postfix_virtual_addresses: false
postfix_hostname_as_virtual_domain: true
postfix_virtual_mailbox_domains: "hash:/etc/postfix/virtual_domains"
postfix_virtual_mailbox_domains_data: []
#
# Example. The 'action' part is optional:
# postfix_virtual_mailbox_domains_data:
# - { domain: 'example.com', action: 'OK' }
postfix_virtual_mailbox_maps:
- "hash:/etc/postfix/vmailbox_maps"
postfix_virtual_domains: false
# Same table path as postfix_virtual_mailbox_domains by default.
postfix_virtual_alias_domains: "hash:/etc/postfix/virtual_domains"
postfix_virtual_alias_domains_data: []
#
# Example. The 'action' part is optional:
# postfix_virtual_alias_domains_data:
# - { domain: 'example.com', action: 'OK' }
postfix_virtual_alias_maps:
- "hash:/etc/postfix/virtual"
# Delivery concurrency limits.
postfix_local_dest_concurrency_limit: 2
postfix_default_destination_concurrency_limit: 5
# NOTE(review): presumably places postscreen on postfix_postscreen_port behind
# HAProxy (verify in the templates). A listener that speaks the PROXY protocol
# trusts the client address announced by its peer, so that port should be
# reachable from the load balancer only.
postfix_behind_haproxy: false
postfix_postscreen_port: 1024
# pflogsumm log reports; the log file path is derived from the directory.
postfix_pflogsumm_reports: false
postfix_pflogsumm_mail_report: false
postfix_pflogsumm_mail_report_address: "postmaster"
postfix_pflogsumm_dir: '/var/log/smtp_reports'
postfix_pflogsumm_logfile: "{{ postfix_pflogsumm_dir }}/pflogsumm.log"
postfix_pflogsumm_options: "-d yesterday --problems_first --rej_add_from --verbose_msg_detail -q"
postfix_pflogsumm_reports_days: 10
#
# Nagios monitoring
#
postfix_nagios_check: false
postfix_nagios_checks:
- 'check_postfix_mailqueue'
- 'check_postfix_processed'
# Thresholds; the _w / _c suffixes presumably mean warning and critical.
nagios_postfix_mailq_w: 20
nagios_postfix_mailq_c: 50
nagios_postfix_processed_w: 50
nagios_postfix_processed_c: 150
# firewalld services enabled in the default zone (firewalld_default_zone is
# defined outside this file).
# NOTE(review): all three mail services are listed whatever role toggles are
# set. Check that hosts acting only as relay clients do not end up with inbound
# SMTP open, and override the list with the services the host really offers.
postfix_firewalld_services:
- service: 'smtp'
  state: 'enabled'
  zone: '{{ firewalld_default_zone }}'
- service: 'smtps'
  state: 'enabled'
  zone: '{{ firewalld_default_zone }}'
- service: 'smtp-submission'
  state: 'enabled'
  zone: '{{ firewalld_default_zone }}'