Migrate postfix conf
parent
ccfa0b2af6
commit
114b0450f1
2 changed files with 32 additions and 61 deletions
|
|
@ -62,7 +62,7 @@ virtual_mailbox_domains: []
|
||||||
# networks to relay mail from without user authentication
|
# networks to relay mail from without user authentication
|
||||||
mynetworks: []
|
mynetworks: []
|
||||||
|
|
||||||
# currently ignored
|
# Postfix is the destination for the domains listed here
|
||||||
mydestination: []
|
mydestination: []
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -34,6 +34,11 @@ smtp_tls_security_level = {{ postfix.ssl.outgoing_security_level }}
|
||||||
|
|
||||||
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
||||||
|
|
||||||
|
# SMTPD default settings
|
||||||
|
smtpd_helo_required = yes
|
||||||
|
strict_rfc821_envelopes = yes
|
||||||
|
disable_vrfy_command = yes
|
||||||
|
|
||||||
myhostname = {{ inventory_hostname }}
|
myhostname = {{ inventory_hostname }}
|
||||||
mydomain = {{ postfix.mydomain|d(ansible_domain) }}
|
mydomain = {{ postfix.mydomain|d(ansible_domain) }}
|
||||||
myorigin = $mydomain
|
myorigin = $mydomain
|
||||||
|
|
@ -55,13 +60,36 @@ inet_protocols = all
|
||||||
|
|
||||||
message_size_limit = {{ postfix.message_size_limit }}
|
message_size_limit = {{ postfix.message_size_limit }}
|
||||||
|
|
||||||
|
# Restrictions
|
||||||
|
smtpd_helo_restrictions = permit_mynetworks,
|
||||||
|
permit_sasl_authenticated,
|
||||||
|
reject_invalid_helo_hostname,
|
||||||
|
reject_non_fqdn_helo_hostname
|
||||||
|
|
||||||
|
smtpd_sender_restrictions = reject_non_fqdn_sender,
|
||||||
|
reject_unknown_sender_domain,
|
||||||
|
reject_sender_login_mismatch,
|
||||||
|
permit_mynetworks,
|
||||||
|
permit_sasl_authenticated
|
||||||
|
|
||||||
|
smtpd_recipient_restrictions = permit_mynetworks,
|
||||||
|
permit_sasl_authenticated,
|
||||||
|
reject_unlisted_recipient,
|
||||||
|
reject_unknown_recipient_domain,
|
||||||
|
reject_unauth_destination,
|
||||||
|
reject_non_fqdn_recipient,
|
||||||
|
permit
|
||||||
|
|
||||||
|
{% if ("virtual_transport" in postfix and postfix.virtual_transport == "dovecot")
|
||||||
|
or postfix.ldap.enable
|
||||||
|
%}
|
||||||
|
smtpd_sasl_auth_enable = yes
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if "virtual_transport" in postfix and postfix.virtual_transport == "dovecot" %}
|
{% if "virtual_transport" in postfix and postfix.virtual_transport == "dovecot" %}
|
||||||
smtpd_sasl_type = dovecot
|
smtpd_sasl_type = dovecot
|
||||||
smtpd_sasl_path = private/auth
|
smtpd_sasl_path = private/auth
|
||||||
smtpd_sasl_auth_enable = yes
|
|
||||||
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
|
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
|
||||||
smtpd_sender_restrictions = reject_unknown_sender_domain
|
|
||||||
#smtpd_client_restrictions = permit_mynetworks,reject
|
|
||||||
|
|
||||||
dovecot_destination_recipient_limit = 1
|
dovecot_destination_recipient_limit = 1
|
||||||
virtual_transport = dovecot
|
virtual_transport = dovecot
|
||||||
|
|
@ -71,63 +99,6 @@ virtual_transport = dovecot
|
||||||
virtual_alias_maps = {{ postfix.virtual_alias_maps }}
|
virtual_alias_maps = {{ postfix.virtual_alias_maps }}
|
||||||
virtual_mailbox_domains = {{ postfix.virtual_mailbox_domains|join(' ') }}
|
virtual_mailbox_domains = {{ postfix.virtual_mailbox_domains|join(' ') }}
|
||||||
|
|
||||||
{% if postfix.ldap.enable %}
|
|
||||||
# LDAP config
|
|
||||||
## Virtual maps
|
|
||||||
# virtual_mailbox_maps = ldap:/etc/postfix/ldap/virtual_mailboxes.cf
|
|
||||||
# virtual_mailbox_base = /home/vmail
|
|
||||||
# virtual_uid_maps = ldap:/etc/postfix/ldap/virtual_uid.cf # TODO: Do we need this?
|
|
||||||
# virtual_gid_maps = ldap:/etc/postfix/ldap/virtual_gid.cf # TODO: Do we need this?
|
|
||||||
|
|
||||||
# virtual_uid_maps = static:{{ vmail_user.uid }}
|
|
||||||
# virtual_gid_maps = static:{{ vmail_user.group }}
|
|
||||||
|
|
||||||
## Transport maps
|
|
||||||
### None so far
|
|
||||||
|
|
||||||
# TLS
|
|
||||||
# TODO: This is already enabled when using dovecot as transport
|
|
||||||
smtpd_sasl_auth_enable = yes
|
|
||||||
smtpd_sasl_security_options = noanonymous
|
|
||||||
|
|
||||||
# Restrictions
|
|
||||||
smtpd_helo_required = yes
|
|
||||||
strict_rfc821_envelopes = yes
|
|
||||||
disable_vrfy_command = yes
|
|
||||||
|
|
||||||
smtpd_helo_restrictions = permit_mynetworks,
|
|
||||||
permit_sasl_authenticated,
|
|
||||||
reject_invalid_hostname,
|
|
||||||
reject_invalid_helo_hostname,
|
|
||||||
reject_non_fqdn_helo_hostname
|
|
||||||
|
|
||||||
# TODO: This is already enabled when using dovecot as transport
|
|
||||||
smtpd_sender_restrictions = reject_non_fqdn_sender,
|
|
||||||
reject_unknown_sender_domain,
|
|
||||||
reject_sender_login_mismatch,
|
|
||||||
permit_mynetworks,
|
|
||||||
permit_sasl_authenticated
|
|
||||||
|
|
||||||
# TODO: This is already enabled when using dovecot as transport
|
|
||||||
smtpd_recipient_restrictions = permit_mynetworks,
|
|
||||||
permit_sasl_authenticated,
|
|
||||||
reject_unlisted_sender,
|
|
||||||
reject_unlisted_recipient,
|
|
||||||
reject_unknown_sender_domain,
|
|
||||||
reject_unknown_recipient_domain,
|
|
||||||
reject_invalid_hostname,
|
|
||||||
reject_unauth_destination,
|
|
||||||
reject_non_fqdn_hostname,
|
|
||||||
reject_non_fqdn_sender,
|
|
||||||
reject_non_fqdn_recipient,
|
|
||||||
permit
|
|
||||||
|
|
||||||
smtpd_client_restrictions = permit_mynetworks,
|
|
||||||
permit_sasl_authenticated,
|
|
||||||
permit
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# opendkim
|
# opendkim
|
||||||
|
|
||||||
{% if postfix.enable_opendkim %}
|
{% if postfix.enable_opendkim %}
|
||||||
|
|
|
||||||
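Review bot: In the `-55,13 +60,36` hunk the new multi-line `smtpd_recipient_restrictions` is added unconditionally, but the one-line `smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination` inside the dovecot block is kept as context, so the parameter is defined twice whenever `postfix.virtual_transport == "dovecot"`. Postfix uses the last definition in main.cf and logs an "overriding earlier entry" warning, so `reject_unlisted_recipient`, `reject_unknown_recipient_domain` and `reject_non_fqdn_recipient` are silently dropped for dovecot deployments. I would delete the one-line assignment from the dovecot block so that only the shared list applies. Separately, `reject_sender_login_mismatch` now applies to every configuration rather than only when LDAP is enabled; no `smtpd_sender_login_maps` is visible in this diff, so confirm it is set, otherwise SASL-authenticated senders may be rejected. The dovecot `{% if %}` block closes outside the hunk, so the rest of that block was not reviewed.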