Browse Source

Mail relay support.

master
Dan Helfman 4 years ago
parent
commit
2d3034de6f
11 changed files with 232 additions and 1 deletions
  1. +3
    -0
      ansible.cfg
  2. +11
    -0
      group_vars/vault.yml
  3. +1
    -1
      roles/common/tasks/main.yml
  4. +124
    -0
      roles/mail_relay/files/master.cf
  5. +2
    -0
      roles/mail_relay/handlers/main.yml
  6. +4
    -0
      roles/mail_relay/tasks/main.yml
  7. +23
    -0
      roles/mail_relay/tasks/postfix.yml
  8. +48
    -0
      roles/mail_relay/templates/main.cf.j2
  9. +2
    -0
      roles/mail_relay/templates/sasl_passwd.j2
  10. +7
    -0
      roles/mail_server/tasks/main.yml
  11. +7
    -0
      site.yml

+ 3
- 0
ansible.cfg View File

@@ -0,0 +1,3 @@
[defaults]
nocows = 1
vault_password_file = $HOME/.vault_pass.txt

+ 11
- 0
group_vars/vault.yml View File

@@ -0,0 +1,11 @@
$ANSIBLE_VAULT;1.1;AES256
31306335393435656636343539316361336538386532323665343632646637393466376330383663
3235306362313865343031343962333137393231646236360a653434323430346233653563366233
36396664316434393237323039653830616465356166343639323565656364633930346439386531
6138396463393736390a623834383836383436313335303561346232636232643961303031386565
30666437363239613331306534333361306633316539363065313964356133626162306432376234
35373731656237333262373638666536616361376532373733326461333762616634363937626665
33383938633236326532653530376661386636643730643938666462303762346662663034366238
38313564373161336534613635363136623138623166386165626562336432373036353331643331
66313130333364623564386561346538376136323337366238346335323436626662316138623332
3263663139346466346132636563303765333039643264333163

+ 1
- 1
roles/common/tasks/main.yml View File

@@ -4,7 +4,7 @@
- name: install sudo
apt: name=sudo

- name: user witten
- name: create user witten
user: name=witten
groups=sudo
append=yes


+ 124
- 0
roles/mail_relay/files/master.cf View File

@@ -0,0 +1,124 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
#submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}


+ 2
- 0
roles/mail_relay/handlers/main.yml View File

@@ -0,0 +1,2 @@
- name: reload postfix
service: name=postfix state=reloaded

+ 4
- 0
roles/mail_relay/tasks/main.yml View File

@@ -0,0 +1,4 @@
- include: postfix.yml
tags:
- postfix
- mail_relay

+ 23
- 0
roles/mail_relay/tasks/postfix.yml View File

@@ -0,0 +1,23 @@
- name: install postfix
apt: name=postfix

- name: configure main
template: src=main.cf.j2 dest=/etc/postfix/main.cf
notify: reload postfix

- name: configure master
copy: src=master.cf dest=/etc/postfix/master.cf
notify: reload postfix

- name: configure mailname
copy: content={{ postfix_mailname }} dest=/etc/mailname
notify: reload postfix

- name: configure SASL password
template: src=sasl_passwd.j2 dest=/etc/postfix/sasl_passwd owner=root group=root mode=600
register: sasl_passwd

- name: hash SASL password
command: postmap /etc/postfix/sasl_passwd
when: sasl_passwd.changed
notify: reload postfix

+ 48
- 0
roles/mail_relay/templates/main.cf.j2 View File

@@ -0,0 +1,48 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = {{ postfix_hostname }}
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = {{ postfix_destination }}
relayhost = {{ postfix_relayhost }}
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only

smtp_enforce_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_enforce_peername = yes
smtp_sasl_auth_enable = yes
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

+ 2
- 0
roles/mail_relay/templates/sasl_passwd.j2 View File

@@ -0,0 +1,2 @@
# destination credentials
[mail.torsion.org]:465 {{ mail_relay_sasl_username }}:{{ mail_relay_sasl_password }}

+ 7
- 0
roles/mail_server/tasks/main.yml View File

@@ -8,6 +8,13 @@
- postfix
- mail_server

- name: create user media
user: name=media
system=true
password="$6$0zZYuVjH$7lNWoFfSnCqDgWQWfJ49O3IxJGbl2sJ5z4tU.rAUV4gys/EHkvs9tTIVNNkb47upXU5kzYKBeVxssMT87ryQT0"
tags:
- mail_server

# TODO: postfix config
# TODO: SPF install/config
# TODO: TMDA install/config


+ 7
- 0
site.yml View File

@@ -16,6 +16,8 @@
letsencrypt_server: https://acme-v01.api.letsencrypt.org/directory

- hosts: apps.torsion.org
vars_files:
- group_vars/vault.yml
roles:
- common
- role: mediagoblin
@@ -30,3 +32,8 @@
letsencrypt_webroot_path: /var/www/html
letsencrypt_email: webmaster@torsion.org
letsencrypt_server: https://acme-v01.api.letsencrypt.org/directory
- role: mail_relay
postfix_hostname: media.torsion.org
postfix_mailname: torsion.org
postfix_destination: "apps.torsion.org media.torsion.org"
postfix_relayhost: "[mail.torsion.org]:465"

Loading…
Cancel
Save