infra/ansible-role-mailserver
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
Julian Rother 2025-01-29 03:02:15 +01:00
commit a5e756c280
Signed by: julian
GPG key ID: C19B924C0CD13341
18 changed files with 754 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

65
defaults/main.yml Normal file
View file

@ -0,0 +1,65 @@
mailserver:
tls_cert: "/etc/ssl/{{ inventory_hostname }}.chain.crt"
tls_key: "/etc/ssl/private/{{ inventory_hostname }}.key"
domains: [] # All mail domains
postfix:
metrics_address: "127.0.0.1:9154"
milters: []
header_checks:
remove_client_ip_from_received:
regex: '^Received:.*(by.*with [A-Z0-9]*SMTPSA.*)$'
action: 'REPLACE Received: $1'
drop_originating_ip:
regex: '^X-Originating-IP:'
action: IGNORE
drop_mailer:
regex: '^X-Mailer:'
action: IGNORE
drop_user_agent:
regex: '^User-Agent:'
action: IGNORE
postfixadmin:
php_fpm_config:
user: postfixadmin
group: postfixadmin
listen: /run/php/php{{ php_version }}-fpm-postfixadmin.sock
listen.owner: www-data
listen.group: www-data
listen.mode: '0660'
'php_admin_value[syslog.ident]': postfixadmin
pm: dynamic
pm.max_children: 50
pm.start_servers: 2
pm.min_spare_servers: 2
pm.max_spare_servers: 3
'env[HOSTNAME]': '$HOSTNAME'
'env[PATH]': /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
'env[TMP]': /tmp
'env[TMPDIR]': /tmp
'env[TEMP]': /tmp
config:
configured: true
database_type: pgsql
database_host: null
database_user: postfixadmin
database_password: ''
database_name: postfixadmin
encrypt: 'dovecot:ARGON2I'
default_aliases: [] # For now
domain_path: 'YES'
domain_in_mailbox: 'NO'
aliases: 0
mailboxes: 0
maxquota: 0
domain_quota_default: 0
quota: 'YES'
domain_quota: 'NO'
sendmail: 'NO'
fetchmail: 'NO'
show_status: 'NO'
forgotten_user_password_reset: false
forgotten_admin_password_reset: false
password_expiration: 'NO'
generate_password: 'YES'
used_quotas: 'YES'
show_footer_text: 'NO'

11
handlers/main.yml Normal file
View file

@ -0,0 +1,11 @@
- name: restart dovecot
service: name=dovecot state=restarted
- name: restart postfix
service: name=postfix state=restarted
- name: restart prometheus-postfix-exporter
service: name=prometheus-postfix-exporter state=restarted
- name: restart postsrsd
service: name=postsrsd state=restarted

138
tasks/main.yml Normal file
View file

@ -0,0 +1,138 @@
- name: install packages
ansible.builtin.apt:
pkg:
- postfixadmin
- postfix
- postfix-pgsql
- prometheus-postfix-exporter
- postsrsd
- dovecot-common
- dovecot-imapd
- dovecot-managesieved
- dovecot-pgsql
- name: add vmail group
ansible.builtin.group:
name: vmail
system: true
- name: add vmail user
ansible.builtin.user:
name: vmail
group: vmail
home: /nonexistent
create_home: false
system: true
- name: create /var/mail/vmail
ansible.builtin.file:
path: /var/mail/vmail
state: directory
owner: vmail
group: vmail
mode: '0750'
# postfixadmin
- name: create postfixadmin group
ansible.builtin.group:
name: postfixadmin
system: true
- name: create postfixadmin user
ansible.builtin.user:
name: postfixadmin
group: postfixadmin
groups: www-data
home: /nonexistent
create_home: false
system: true
- name: copy postfixadmin config
ansible.builtin.template:
src: postfixadmin/config.local.php.j2
dest: /etc/postfixadmin/config.local.php
owner: root
group: postfixadmin
mode: "0640"
- name: fix access rights to postfixadmin template cache
ansible.builtin.file:
state: directory
owner: postfixadmin
group: postfixadmin
mode: 0700
path: /var/cache/postfixadmin/templates_c
# php_version and "restart php-fpm" handler from nginx role
- name: create postfixadmin php pool
ansible.builtin.template:
src: postfixadmin/php-fpm-pool.conf.j2
dest: "/etc/php/{{ php_version }}/fpm/pool.d/postfixadmin.conf"
owner: root
group: root
mode: 0644
notify:
- restart php-fpm
# dovecot
- name: copy dovecot config
ansible.builtin.template:
src: "dovecot/{{ item }}.j2"
dest: "/etc/dovecot/{{ item }}"
owner: root
group: root
mode: 0644
loop:
- dovecot.conf
- dovecot-sql.conf
- dovecot-dict-sql.conf
notify: restart dovecot
# prometheus-postfix-exporter
- name: configure prometheus postfix exporter
ansible.builtin.template:
src: prometheus-postfix-exporter/default.j2
dest: /etc/default/prometheus-postfix-exporter
owner: root
group: root
mode: 0644
notify:
- restart prometheus-postfix-exporter
# postsrsd
- name: configure postsrsd
ansible.builtin.template:
src: postsrsd/default.j2
dest: /etc/default/postsrsd
owner: root
group: root
mode: 0644
notify:
- restart postsrsd
# postfix
- name: create postfix psql config dir
ansible.builtin.file:
state: directory
owner: root
group: root
mode: 0755
path: "/etc/postfix/pgsql"
- name: copy postfix config
ansible.builtin.template:
src: "postfix/{{ item }}.j2"
dest: "/etc/postfix/{{ item }}"
owner: root
group: root
mode: 0644
loop:
- main.cf
- master.cf
- header_checks
- pgsql/relay_domains.cf
- pgsql/virtual_alias_maps.cf
- pgsql/virtual_domains_maps.cf
- pgsql/virtual_mailbox_maps.cf
- pgsql/virtual_sender_maps.cf
notify: restart postfix

14
templates/dovecot/dovecot-dict-sql.conf.j2 Normal file
View file

@ -0,0 +1,14 @@
connect = dbname=postfixadmin
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}

5
templates/dovecot/dovecot-sql.conf.j2 Normal file
View file

@ -0,0 +1,5 @@
driver = pgsql
connect = dbname=postfixadmin
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT '/var/mail/vmail/' || maildir AS home, '*:bytes=' || quota AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'

159
templates/dovecot/dovecot.conf.j2 Normal file
View file

@ -0,0 +1,159 @@
listen = *, ::
protocols = imap sieve
mail_plugins = $mail_plugins quota
ssl = required
ssl_cert = <{{ mailserver.tls_cert }}
ssl_key = <{{ mailserver.tls_key }}
ssl_dh = </etc/ssl/dh-4096.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = yes
# Auth
auth_mechanisms = plain login
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
# Returns: home=/var/mail/vmail/<maildir-from-postfixadmin>, quota_rule=*:bytes=<quota-from-postfixadmin>
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
# Returns: user=<username>, password=<password-hash-for-user>
}
# Mailboxes
mail_location = maildir:~/Maildir # Expanded to maildir:/var/mail/vmail/<maildir-from-postfixadmin>/Maildir
mail_uid = 1000
mail_gid = 1000
first_valid_uid = 1000
last_valid_uid = 1000
first_valid_gid = 1000
last_valid_gid = 1000
mailbox_list_index = yes
namespace inbox {
separator = '/'
inbox = yes
mailbox Drafts {
special_use = \Drafts
auto = subscribe
}
mailbox Junk {
special_use = \Junk
auto = subscribe
}
mailbox Trash {
special_use = \Trash
auto = subscribe
}
mailbox Sent {
special_use = \Sent
auto = subscribe
}
}
# IMAP
protocol imap {
# TODO: imap_quota?
mail_plugins = $mail_plugins
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
}
# Sieve
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
# Misc
service auth {
unix_listener auth-userdb {
mode = 0777
}
# Postfix uses this socket for submission auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
}
service quota-status {
executable = quota-status -p postfix
# Postfix uses this socket to check quotas on delivery (as check_policy_service)
unix_listener /var/spool/postfix/private/policy-quota {
mode = 0666
user = postfix
group = postfix
}
client_limit = 1
}
service stats {
unix_listener stats-reader {
user = vmail
group = vmail
mode = 0660
}
unix_listener stats-writer {
user = vmail
group = vmail
# 0666 instead of 0660, so postfixadmin can call doveadm pw without errors
mode = 0666
}
}
# Postfix delivers incoming mails via lda (transport "dovecot")
quota_full_tempfail = yes
lda_mailbox_autocreate = yes
protocol lda {
mail_plugins = $mail_plugins sieve
}
# Debugging
auth_verbose = yes
auth_debug = yes
mail_debug = yes
# Quota
plugin {
# Use postfixadmins quota2 table, so used_quota works
quota = dict:User quota::proxy::pgsql
# Default quota rule, overwritten by userdb
quota_rule = *:storage=0 # 0=unlimited
quota_grace = 10%%
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}
service dict {
unix_listener dict {
mode = 0600
user = vmail
}
}
dict {
# proxy::pgsql
pgsql = pgsql:/etc/dovecot/dovecot-dict-sql.conf
}

5
templates/postfix/header_checks.j2 Normal file
View file

@ -0,0 +1,5 @@
# {{ ansible_managed }}
{% for item in mailserver.postfix.header_checks.values() if not item.disabled|d(false) %}
/{{ item.regex }}/ {{ item.action }}
{% endfor %}

100
templates/postfix/main.cf.j2 Normal file
View file

@ -0,0 +1,100 @@
compatibility_level = 3.7
# Sane defaults
biff = no
# TODO: v why? v
append_dot_mydomain = no
local_header_rewrite_clients = permit_inet_interfaces permit_sasl_authenticated
# TODO: v why? v
readme_directory = no
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
message_size_limit = 102400000
# Disable all error reports to postmaster@, because they sometimes contain
# passwords or other confidential information
notify_classes =
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unlisted_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_non_fqdn_recipient,
# Quota check via Dovecot
check_policy_service unix:private/policy-quota,
permit
mua_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
mua_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
# Sender verification is disabled!
warn_if_reject,
reject_authenticated_sender_login_mismatch,
permit_mynetworks,
permit_sasl_authenticated
mua_client_restrictions = permit_sasl_authenticated,
reject
# Host settings
myhostname = {{ inventory_hostname }}
mydomain = {{ ansible_domain }}
myorigin = $mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mydestination = {{ inventory_hostname_short }} {{ inventory_hostname }} localhost
# TLS parameters
smtpd_tls_cert_file = {{ mailserver.tls_cert }}
smtpd_tls_key_file = {{ mailserver.tls_key }}
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
# Postfixadmin and dovecot integration
relay_domains = $mydestination, pgsql:/etc/postfix/pgsql/relay_domains.cf
virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_domains_maps.cf
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
local_transport = dovecot
local_recipient_maps = $virtual_mailbox_maps
smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql/virtual_sender_maps.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# PostSRS integration
sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:10002
# Milters
milter_protocol = 6
milter_default_action = accept
smtpd_milters = {{ ' '.join(mailserver.postfix.milters) }}
non_smtpd_milters = {{ ' '.join(mailserver.postfix.milters) }}
# Header checks
mime_header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks

125
templates/postfix/master.cf.j2 Normal file
View file

@ -0,0 +1,125 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_tls_security_level=encrypt
-o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=
-o milter_macro_daemon_name=ORIGINATING
#submissions inet n - y - - smtpd
# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${domain}

4
templates/postfix/pgsql/relay_domains.cf.j2 Normal file
View file

@ -0,0 +1,4 @@
dbname = postfixadmin
user = postfix
hosts = unix:/var/run/postgresql
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = true

4
templates/postfix/pgsql/virtual_alias_maps.cf.j2 Normal file
View file

@ -0,0 +1,4 @@
dbname = postfixadmin
user = postfix
hosts = unix:/var/run/postgresql
query = SELECT goto FROM alias WHERE address='%s' AND active = true

4
templates/postfix/pgsql/virtual_domains_maps.cf.j2 Normal file
View file

@ -0,0 +1,4 @@
dbname = postfixadmin
user = postfix
hosts = unix:/var/run/postgresql
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = false and active = true

4
templates/postfix/pgsql/virtual_mailbox_maps.cf.j2 Normal file
View file

@ -0,0 +1,4 @@
dbname = postfixadmin
user = postfix
hosts = unix:/var/run/postgresql
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true

4
templates/postfix/pgsql/virtual_sender_maps.cf.j2 Normal file
View file

@ -0,0 +1,4 @@
dbname = postfixadmin
user = postfix
hosts = unix:/var/run/postgresql
query = SELECT username FROM mailbox WHERE username='%s' AND active = true

30
templates/postfixadmin/config.local.php.j2 Normal file
View file

@ -0,0 +1,30 @@
<?php
/* {{ ansible_managed }} */
{% macro php_obj(obj) %}
{%- if obj is string -%}
'{{ obj|replace('\\', '\\\\')|replace('\'', '\\\'') }}'
{%- elif obj is number -%}
{{ obj }}
{%- elif obj is boolean -%}
{{ obj }}
{%- elif obj is none -%}
null
{%- elif obj is mapping %}
[
{% for key, value in obj.items() %}
'{{ key|replace('\\', '\\\\')|replace('\'', '\\\'') }}' => {{ php_obj(value)|indent }},
{% endfor %}
]
{%- elif obj is iterable -%}
[
{% for item in obj %}
{{ php_obj(item)|indent(first=true) }},
{% endfor %}
]
{% endif %}
{% endmacro %}
{% for key, value in mailserver.postfixadmin.config.items() %}
$CONF['{{ key|replace('\\', '\\\\')|replace('\'', '\\\'') }}'] = {{ php_obj(value)|indent }};
{% endfor %}

5
templates/postfixadmin/php-fpm-pool.conf.j2 Normal file
View file

@ -0,0 +1,5 @@
[postfixadmin]
{% for key, value in mailserver.postfixadmin.php_fpm_config.items() %}
{{ key }} = {{ value }}
{% endfor %}

62
templates/postsrsd/default.j2 Normal file
View file

@ -0,0 +1,62 @@
# Default settings for PostSRSd
# Local domain name.
# Addresses are rewritten to originate from this domain. The default value
# is taken from `postconf -h mydomain` and probably okay.
#
#SRS_DOMAIN=
# Exclude additional domains.
# You may list domains which shall not be subjected to address rewriting.
# If a domain name starts with a dot, it matches all subdomains, but not
# the domain itself. Separate multiple domains by space or comma.
#
SRS_EXCLUDE_DOMAINS={{ mailserver.domains|join(',') }}
# First separator character after SRS0 or SRS1.
# Can be one of: -+=
SRS_SEPARATOR==
# Secret key to sign rewritten addresses.
# When postsrsd is installed for the first time, a random secret is generated
# and stored in /etc/postsrsd.secret. For most installations, that's just fine.
#
SRS_SECRET=/etc/postsrsd.secret
# Length of hash to be used in rewritten addresses
SRS_HASHLENGTH=4
# Minimum length of hash to accept when validating return addresses.
# When increasing SRS_HASHLENGTH, set this to its previous value and
# wait for the duration of SRS return address validity (21 days) before
# increading this value as well.
SRS_HASHMIN=4
# Local ports for TCP list.
# These ports are used to bind the TCP list for postfix. If you change
# these, you have to modify the postfix settings accordingly. The ports
# are bound to the loopback interface, and should never be exposed on
# the internet.
#
SRS_FORWARD_PORT=10001
SRS_REVERSE_PORT=10002
# Drop root privileges and run as another user after initialization.
# This is highly recommended as postsrsd handles untrusted input.
#
RUN_AS=postsrsd
# Bind to this address
#
SRS_LISTEN_ADDR=127.0.0.1
# Jail daemon in chroot environment
#
CHROOT=/var/lib/postsrsd
# Additional Options
# PostSRSd understands a few rarely needed extra options:
# -A always rewrite email addresses, even from SRS_DOMAIN
# -t<n> set connection timeout to <n> seconds (default: 1800)
#
#SRS_EXTRA_OPTIONS=-A

15
templates/prometheus-postfix-exporter/default.j2 Normal file
View file

@ -0,0 +1,15 @@
# Private log file from Postfix to read and truncate. Configured in
# /etc/rsyslog.d/prometheus-postfix-exporter.conf
POSTFIXLOGFILE=/var/lib/prometheus/postfix-exporter/mail.log
# Extra arguments for the daemon.
ARGS='--web.listen-address {{ mailserver.postfix.metrics_address }}'
# Prometheus-postfix-exporter supports the following options:
# --postfix.showq_path string
# Path at which Postfix places its showq socket.
# (default "/var/spool/postfix/public/showq")
# --web.listen-address string
# Address to listen on for web interface and telemetry. (default ":9154")
# --web.telemetry-path string
# Path under which to expose metrics. (default "/metrics")