infra/ansible-role-postfix
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed ssl support, moved defaults from template to defaults

Browse source
This commit is contained in:
nd 2019-07-28 16:20:40 +02:00
parent 1bf1feca21
commit 143139237f
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
2 changed files with 32 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

29
templates/main.cf.j2
View file

@ -20,11 +20,14 @@ readme_directory = no
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_cert_file = {{ postfix.ssl.cert }}
smtpd_tls_key_file = {{ postfix.ssl.key }}
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = {{ postfix.ssl.incoming_security_level }}
smtpd_tls_auth_only = yes
smtp_tls_security_level = {{ postfix.ssl.outgoing_security_level }}
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
@ -34,25 +37,25 @@ smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_una
myhostname = {{ inventory_hostname }}
mydomain = {{ postfix.mydomain|d(ansible_domain) }}
myorigin = $mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ postfix.mynetworks|d([])|join(' ') }}
mydestination = {{ inventory_hostname_short }} {{ inventory_hostname }} localhost {{ postfix.mydestination|d([])|join(' ') }}
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ postfix.mynetworks|join(' ') }}
mydestination = {{ inventory_hostname_short }} {{ inventory_hostname }} localhost {{ postfix.mydestination|join(' ') }}
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost = {{ postfix.relayhost|d('') }}
relay_domains = {{ postfix.relay_domains|d([])|join(', ') }}
relay_transport = {{ postfix.relay_transport|d('smtp') }}
sender_dependent_relayhost_maps = {{ postfix.sender_dependent_relayhost_maps|d('') }}
virtual_alias_maps = {{ postfix.virtual_alias_maps|d('') }}
virtual_mailbox_domains = {{ postfix.virtual_mailbox_domains|d([])|join(' ') }}
relayhost = {{ postfix.relayhost }}
relay_domains = {{ postfix.relay_domains|join(', ') }}
relay_transport = {{ postfix.relay_transport }}
sender_dependent_relayhost_maps = {{ postfix.sender_dependent_relayhost_maps }}
virtual_alias_maps = {{ postfix.virtual_alias_maps }}
virtual_mailbox_domains = {{ postfix.virtual_mailbox_domains|join(' ') }}
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
message_size_limit = {{ postfix.message_size_limit|d('20480000') }}
message_size_limit = {{ postfix.message_size_limit }}
{% if "virtual_transport" in postfix and postfix.virtual_transport == "dovecot" %}
smtpd_sasl_type = dovecot
@ -68,7 +71,7 @@ virtual_transport = dovecot
# opendkim
{% if postfix.enable_opendkim|d(false) %}
{% if postfix.enable_opendkim %}
milter_protocol = 6
milter_default_action = accept