---
# Role toggle; package installation defaults to the same value.
postfix_enabled: true
postfix_install_packages: '{{ postfix_enabled }}'

# Package list for RedHat-family hosts (judging by the _rh_ suffix).
postfix_relay_rh_pkgs:
- postfix
- cyrus-sasl-lib
- cyrus-sasl-plain
- cyrus-sasl-md5

# Package list for Debian-family hosts (judging by the _deb_ suffix).
postfix_relay_deb_pkgs:
- postfix
- libsasl2-2

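#############################################################################
# Set these to true when you want to configure the machine to send email
# through a relay
#############################################################################
postfix_relay_client: false
# Follows postfix_relay_client unless overridden.
postfix_use_relay_host: '{{ postfix_relay_client }}'
# The quoted "yes"/"no" values below are strings, not YAML booleans;
# presumably they are written verbatim into the Postfix configuration.
postfix_biff: "no"
postfix_append_dot_mydomain: "no"
postfix_smtp_helo_required: "yes"
postfix_helo_restrictions: true
postfix_smtp_delay_reject: "yes"
# Presumably maps to disabling the SMTP VRFY command, which limits
# address enumeration by remote clients - confirm in the role's template.
postfix_smtp_disable_vrfy: "yes"
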
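postfix_use_letsencrypt: false
postfix_tls_encryption_level: 'intermediate'
# Diffie-Hellman parameter size (presumably in bits) and the file holding
# the generated parameters.
postfix_tls_dhparam_size: 2048
postfix_tls_dhparam_file: /etc/postfix/dhparam.pem
# Accepted values: none, may, encrypt
# NOTE(review): 'encrypt' requires inbound clients to negotiate TLS before
# sending mail. Postfix's documentation advises against enforcing TLS on a
# publicly referenced port-25 server; confirm how the role applies this
# value when postfix_mx_server is enabled.
postfix_smtpd_tls_security_level: encrypt
# Accepted values: none, may, encrypt, fingerprint, verify, secure. And from 2.11: dane, dane-only
# NOTE(review): 'may' is opportunistic - delivery continues without TLS when
# the peer does not offer STARTTLS. Together with the SASL options below
# (plaintext mechanisms allowed, 'plain, login' filter) the relay credentials
# could cross the network unencrypted. Hosts that authenticate to a relay
# should override this with 'encrypt' or a stricter level.
postfix_smtp_tls_security_level: may
postfix_use_sasl_auth: true
postfix_smtp_sasl_auth_enable: "yes"
postfix_smtp_create_relay_user: true
# Options: noanonymous, noplaintext
# 'noanonymous' alone still permits plaintext mechanisms (PLAIN, LOGIN) on
# sessions that are not protected by TLS.
postfix_smtp_sasl_security_options: noanonymous
# Options applied on TLS-protected sessions; defaults to the value above.
postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
postfix_smtp_sasl_mechanism_filter: plain, login
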
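# Set the relay host in your vars files
#postfix_relay_host: smtp-relay.example.com
postfix_relay_port: 587
#postfix_smtp_relay_user: smtp-user
# The relay login defaults to the host's FQDN as gathered by Ansible.
postfix_smtp_relay_user: '{{ ansible_fqdn }}'
# The relay password has no default here: it has to be set inside a
# vault-encrypted file
#postfix_smtp_relay_pwd: 'set_your_password_here_in_a_vault_encrypted_file'
postfix_smtpd_reject_unknown_helo_hostname: false
postfix_reject_unknown_sender_domain: true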
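#############################################################################
# Relay server: accepts authenticated clients
#############################################################################
postfix_relay_server: false
#
# Milter (mail filter) integration; everything is off by default.
postfix_use_milter: false
postfix_milter_connect_timeout: '30s'
postfix_milter_command_timeout: '30s'
postfix_milter_content_timeout: '300s'
postfix_spamassassin_milter: false
postfix_spamassassin_milter_socket: 'unix:/run/spamass-milter/postfix/sock'
postfix_clamav_milter: false
# Alternative TCP form of the socket: inet:[127.0.0.1]:7357
postfix_clamav_milter_socket: 'unix:/run/clamav-milter/clamav-milter.socket'
# Specify accept, reject, tempfail, quarantine
# Presumably the action taken when a milter is unavailable or fails:
# 'tempfail' defers the message, whereas 'accept' would let mail through
# unscanned whenever the filter is down - confirm in the role's template.
postfix_milter_action: tempfail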
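#############################################################################
# SMTP server that does not accept authenticated clients.
#############################################################################
postfix_smtpd_server: false
# Restrictions are listed in evaluation order. permit_mynetworks comes
# first, so clients in the trusted networks are accepted before any reject
# rule applies. reject_unauth_destination is the entry that refuses mail
# for domains this host is not responsible for; keep it in any override
# of this list so the server does not become an open relay.
postfix_smtpd_server_restrictions:
- permit_mynetworks
- reject_unknown_recipient_domain
- reject_non_fqdn_recipient
- reject_unauth_destination
- reject_unauth_pipelining
- reject_unlisted_recipient
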
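#############################################################################
# SMTP server that routes emails coming from outside
#############################################################################
postfix_mx_server: false
# This list has no permit_* entry, so every client is checked against all
# the rules. reject_unauth_destination is the entry that refuses mail for
# domains this host is not responsible for; keep it in any override.
postfix_smtpd_mx_client_restrictions:
- reject_unknown_sender_domain
- reject_non_fqdn_sender
- reject_non_fqdn_recipient
- reject_invalid_hostname
- reject_unauth_destination
- reject_unknown_recipient_domain
- reject_unlisted_recipient
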
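#############################################################################
# SMTP sender restrictions
#############################################################################
postfix_smtpd_sender_restrictions: true
# NOTE(review): with this set to false and an empty login map, nothing in
# these defaults ties the envelope sender to the authenticated SASL login.
# On hosts that accept authenticated clients, consider enabling it and
# populating postfix_smtpd_sender_login_maps.
postfix_reject_sender_login_mismatch: false
postfix_smtpd_sender_login_maps: []
postfix_smtpd_additional_sender_restrictions: []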
#############################################################################
# SMTP submission server: accepts authenticated clients
#############################################################################
postfix_submission_server: false
# Enable only where needed, and only on submission servers
postfix_add_missing_headers: false
###########################################################################################
# The options below apply when acting as a relay or as a general purpose SMTP server
###########################################################################################
# Listening interfaces and protocols; the lists are presumably only applied
# when postfix_use_inet_interfaces is true - confirm in the role's template.
postfix_use_inet_interfaces: false
postfix_inet_interfaces:
- all
postfix_inet_protocols:
- all
postfix_proxy_interfaces_enabled: false
postfix_proxy_interfaces:
- '127.0.0.1'
# Presumably in bytes - confirm against the rendered configuration.
postfix_message_size_limit: 10240000

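# saslauthd package lists (Debian and RedHat families, judging by the
# _deb_/_rh_ infixes).
postfix_sasl_deb_packages:
- sasl2-bin

postfix_sasl_rh_packages:
- cyrus-sasl

# saslauthd mechanism, extra flags and configuration file path.
postfix_saslauthd_mech: 'pam'
postfix_saslauthd_flags: ''
postfix_saslauthd_conf_file: '/etc/saslauthd.conf'
#
# LDAP lookup settings. The example.com DNs are placeholders to override.
# With auth_method 'bind', user passwords travel over the LDAP connection:
# when the server is not localhost, keep StartTLS enabled or use ldaps://.
postfix_sasl_ldap_servers: ldap://localhost
postfix_sasl_ldap_bind_dn: cn=saslauthd,ou=dsa,dc=example,dc=com
# postfix_sasl_ldap_bind_pw: set inside a vault file
postfix_sasl_ldap_timeout: 10
postfix_sasl_ldap_time_limit: 10
postfix_sasl_ldap_scope: sub
postfix_sasl_ldap_search_base: ou=people,dc=example,dc=com
postfix_sasl_ldap_auth_method: bind
# %u is presumably replaced by saslauthd with the login name.
postfix_sasl_ldap_filter: '(&(uid=%u)(mail=*))'
postfix_sasl_ldap_debug: 0
# NOTE(review): the four values below are unquoted, so Ansible's YAML loader
# reads them as booleans (off/no -> false, yes -> true), not as the strings
# "off"/"no"/"yes". If the template writes them verbatim into the saslauthd
# configuration they render as False/True, and StartTLS may not be enabled
# as intended. Confirm against the template; if strings are expected, quote
# them like the "yes"/"no" postfix_* values earlier in this file.
postfix_sasl_ldap_verbose: off
postfix_sasl_ldap_ssl: no
postfix_sasl_ldap_starttls: yes
postfix_sasl_ldap_referrals: no
#
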
postfix_use_domain_name: false
# Virtual transport settings: LMTP over TCP to 127.0.0.1 port 24.
postfix_virtual_transport_enabled: false
postfix_virtual_transport_protocol: 'lmtp'
postfix_lmtp_protocol: 'inet'
postfix_lmtp_host: '127.0.0.1'
postfix_lmtp_port: 24
postfix_delivery_soft_bounce: false
postfix_recipient_delimiter: '+'
postfix_local_recipients: false
# Transport map lookup tables and the entries to write into them.
postfix_transport_map_enabled: false
postfix_transport_maps:
- 'hash:/etc/postfix/transport'

postfix_transport_data: []
#
# Example:
# postfix_transport_data:
# - { domain: 'example.com', action: 'smtp:[dest.smtp.example.com]:25' }
# DNS blocklist settings.
postfix_rbl_enabled: true
postfix_rbl_list: 'zen.spamhaus.org'
postfix_spamhaus_dbl_enabled: true

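# Lookup table for the trusted networks and the entries written into it.
# Clients matching these entries pass permit_mynetworks in
# postfix_smtpd_server_restrictions, i.e. they can relay without
# authenticating, so keep the list as narrow as possible.
# NOTE(review): indexed tables such as hash: are normally matched by literal
# key rather than by CIDR range, which may be why '127.0.0.1' is listed next
# to '127.0.0.0/8' - confirm against how the role builds network_table.
postfix_mynetworks: hash:/etc/postfix/network_table
postfix_mynetworks_data:
- '127.0.0.0/8'
- '127.0.0.1'

postfix_alias_maps:
- 'hash:/etc/aliases'

# Defaults to the same list as postfix_alias_maps.
postfix_alias_databases: '{{ postfix_alias_maps }}'

# Virtual mailbox domains: lookup table, its entries and the mailbox maps.
postfix_virtual_addresses: false
postfix_hostname_as_virtual_domain: true
postfix_virtual_mailbox_domains: 'hash:/etc/postfix/virtual_domains'
postfix_virtual_mailbox_domains_data: []
#
# Example. The 'action' part is optional:
# postfix_virtual_mailbox_domains_data:
# - { domain: 'example.com', action: 'OK' }

postfix_virtual_mailbox_maps:
- 'hash:/etc/postfix/vmailbox_maps'

# Virtual alias domains. The default table path is the same file as
# postfix_virtual_mailbox_domains above.
postfix_virtual_domains: false
postfix_virtual_alias_domains: 'hash:/etc/postfix/virtual_domains'
postfix_virtual_alias_domains_data: []
#
# Example. The 'action' part is optional:
# postfix_virtual_alias_domains_data:
# - { domain: 'example.com', action: 'OK' }

postfix_virtual_alias_maps:
- 'hash:/etc/postfix/virtual'
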
# Delivery concurrency limits.
postfix_local_dest_concurrency_limit: 2
postfix_default_destination_concurrency_limit: 5

# Settings for running behind HAProxy.
postfix_behind_haproxy: false
postfix_postscreen_port: 1024

# pflogsumm log summaries: off by default. The log file lives under
# postfix_pflogsumm_dir.
postfix_pflogsumm_reports: false
postfix_pflogsumm_mail_report: false
postfix_pflogsumm_mail_report_address: 'postmaster'
postfix_pflogsumm_dir: /var/log/smtp_reports
postfix_pflogsumm_logfile: '{{ postfix_pflogsumm_dir }}/pflogsumm.log'
postfix_pflogsumm_options: '-d yesterday --problems_first --rej_add_from --verbose_msg_detail -q'
postfix_pflogsumm_reports_days: 10
#
# Nagios monitoring
#
postfix_nagios_check: false
postfix_nagios_checks:
- check_postfix_mailqueue
- check_postfix_processed

# Thresholds for the checks above (_w and _c presumably mean warning and
# critical).
nagios_postfix_mailq_w: 20
nagios_postfix_mailq_c: 50
nagios_postfix_processed_w: 50
nagios_postfix_processed_c: 150

# firewalld services enabled for mail traffic. firewalld_default_zone is not
# defined in this file.
# NOTE(review): all three services are listed regardless of the
# postfix_*_server toggles above; confirm the tasks only apply this list on
# hosts that are meant to accept inbound mail.
postfix_firewalld_services:
- service: 'smtp'
  state: 'enabled'
  zone: '{{ firewalld_default_zone }}'
- service: 'smtps'
  state: 'enabled'
  zone: '{{ firewalld_default_zone }}'
- service: 'smtp-submission'
  state: 'enabled'
  zone: '{{ firewalld_default_zone }}'