
Mail relay support.

master
Dan Helfman 2 years ago
parent
commit
2d3034de6f

+ 3
- 0
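--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+nocows = 1
+vault_password_file = $HOME/.vault_pass.txt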

+ 11
- 0
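--- a/group_vars/vault.yml
+++ b/group_vars/vault.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+31306335393435656636343539316361336538386532323665343632646637393466376330383663
+3235306362313865343031343962333137393231646236360a653434323430346233653563366233
+36396664316434393237323039653830616465356166343639323565656364633930346439386531
+6138396463393736390a623834383836383436313335303561346232636232643961303031386565
+30666437363239613331306534333361306633316539363065313964356133626162306432376234
+35373731656237333262373638666536616361376532373733326461333762616634363937626665
+33383938633236326532653530376661386636643730643938666462303762346662663034366238
+38313564373161336534613635363136623138623166386165626562336432373036353331643331
+66313130333364623564386561346538376136323337366238346335323436626662316138623332
+3263663139346466346132636563303765333039643264333163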

+ 1
- 1
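--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -4,7 +4,7 @@
 - name: install sudo
   apt: name=sudo
 
-- name: user witten
+- name: create user witten
   user: name=witten
         groups=sudo
         append=yes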

+ 124
- 0
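--- a/roles/mail_relay/files/master.cf
+++ b/roles/mail_relay/files/master.cf
@@ -0,0 +1,124 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+smtp      inet  n       -       -       -       -       smtpd
+#smtp      inet  n       -       -       -       1       postscreen
+#smtpd     pass  -       -       -       -       -       smtpd
+#dnsblog   unix  -       -       -       -       0       dnsblog
+#tlsproxy  unix  -       -       -       -       0       tlsproxy
+#submission inet n       -       -       -       -       smtpd
+#  -o syslog_name=postfix/submission
+#  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#smtps     inet  n       -       -       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       -       -       -       qmqpd
+pickup    unix  n       -       -       60      1       pickup
+cleanup   unix  n       -       -       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       -       1000?   1       tlsmgr
+rewrite   unix  -       -       -       -       -       trivial-rewrite
+bounce    unix  -       -       -       -       0       bounce
+defer     unix  -       -       -       -       0       bounce
+trace     unix  -       -       -       -       0       bounce
+verify    unix  -       -       -       -       1       verify
+flush     unix  n       -       -       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       -       -       -       smtp
+relay     unix  -       -       -       -       -       smtp
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       -       -       -       showq
+error     unix  -       -       -       -       -       error
+retry     unix  -       -       -       -       -       error
+discard   unix  -       -       -       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       -       -       -       lmtp
+anvil     unix  -       -       -       -       1       anvil
+scache    unix  -       -       -       -       1       scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix	-	n	n	-	2	pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+  ${nexthop} ${user}
+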
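Review bot: This is the stock Debian master.cf, so it still defines the maildrop, uucp, ifmail, bsmtp, scalemail-backend and mailman pipe(8) transports (lines 78–123) on a host whose main.cf template only relays through relayhost and delivers locally. They are selected only by transport lookups, so they are dead configuration rather than an open listener, but each names a delivery program and a local user this role never provisions, and a reader has to check every one to confirm it is unused. Trimming the file to the services the relay actually needs, or commenting those entries out the way the cyrus examples already are, keeps the reviewed surface small. If they are deliberately kept, a header line such as `# Copied from the Debian default; the pipe transports below are unused by this role` would record that as a choice rather than an oversight.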

+ 2
- 0
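--- a/roles/mail_relay/handlers/main.yml
+++ b/roles/mail_relay/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: reload postfix
+  service: name=postfix state=reloaded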

+ 4
- 0
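--- a/roles/mail_relay/tasks/main.yml
+++ b/roles/mail_relay/tasks/main.yml
@@ -0,0 +1,4 @@
+- include: postfix.yml
+  tags:
+    - postfix
+    - mail_relay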

+ 23
- 0
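--- a/roles/mail_relay/tasks/postfix.yml
+++ b/roles/mail_relay/tasks/postfix.yml
@@ -0,0 +1,23 @@
+- name: install postfix
+  apt: name=postfix
+
+- name: configure main
+  template: src=main.cf.j2 dest=/etc/postfix/main.cf
+  notify: reload postfix
+
+- name: configure master
+  copy: src=master.cf dest=/etc/postfix/master.cf
+  notify: reload postfix
+
+- name: configure mailname
+  copy: content={{ postfix_mailname }} dest=/etc/mailname
+  notify: reload postfix
+
+- name: configure SASL password
+  template: src=sasl_passwd.j2 dest=/etc/postfix/sasl_passwd owner=root group=root mode=600
+  register: sasl_passwd
+
+- name: hash SASL password
+  command: postmap /etc/postfix/sasl_passwd
+  when: sasl_passwd.changed
+  notify: reload postfix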
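Review bot: The `configure SASL password` task (lines 16–18) renders the relay credentials without `no_log: true`, so a run with `--diff` or a higher verbosity prints the rendered username and password into the console and any CI log; add `no_log: true` to that task. The `hash SASL password` step is also gated only on `sasl_passwd.changed`, so if a run stops between the two tasks the rerun sees an unchanged template and never builds sasl_passwd.db; a `stat` on the .db beforehand and `when: sasl_passwd.changed or not sasl_passwd_db.stat.exists` closes that gap. Whether postmap gives the generated .db the 600 mode of its source depends on the Postfix version, so a `file: path=/etc/postfix/sasl_passwd.db owner=root group=root mode=600` task after the postmap call makes the intended permissions explicit for both files. Note too that the `configure mailname` task writes the name without a trailing newline, which Postfix tolerates but other readers of /etc/mailname may not.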

+ 48
- 0
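--- a/roles/mail_relay/templates/main.cf.j2
+++ b/roles/mail_relay/templates/main.cf.j2
@@ -0,0 +1,48 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = {{ postfix_hostname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = {{ postfix_destination }}
+relayhost = {{ postfix_relayhost }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = loopback-only
+
+smtp_enforce_tls = yes
+smtp_tls_security_level = encrypt
+smtp_tls_enforce_peername = yes
+smtp_sasl_auth_enable = yes
+smtp_sasl_tls_security_options = noanonymous
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd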
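Review bot: `smtp_tls_security_level = encrypt` (line 44) forces TLS to the relay but does not verify its certificate, and the `smtp_enforce_tls` / `smtp_tls_enforce_peername` lines around it are the obsolete pre-2.3 parameters that Postfix ignores once `smtp_tls_security_level` is set, so the SASL password from sasl_passwd is sent to whatever server answers for mail.torsion.org. If the relay presents a certificate from a public CA, `smtp_tls_security_level = secure` together with `smtp_tls_CApath = /etc/ssl/certs` authenticates it and the two obsolete lines can be dropped; otherwise pin the relay's certificate with the `fingerprint` level. Separately, `relayhost` is templated as `[mail.torsion.org]:465` and port 465 is normally implicit TLS while the Postfix client speaks STARTTLS by default, so unless mail.torsion.org offers STARTTLS on 465 the connection needs `smtp_tls_wrappermode = yes` (Postfix 3.0 and later) or should use port 587 instead. The snakeoil inbound certificate on lines 21–22 is acceptable only because `inet_interfaces = loopback-only` keeps smtpd off the network; a comment saying so would stop a later reader from widening inet_interfaces without also replacing the certificate.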

+ 2
- 0
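--- a/roles/mail_relay/templates/sasl_passwd.j2
+++ b/roles/mail_relay/templates/sasl_passwd.j2
@@ -0,0 +1,2 @@
+# destination                   credentials
+[mail.torsion.org]:465          {{ mail_relay_sasl_username }}:{{ mail_relay_sasl_password }}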
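Review bot: The lookup key on line 2 repeats the relay address as a literal while site.yml passes the same value in as `postfix_relayhost`; Postfix looks the relayhost up in this map by exact string, brackets and port included, so if either side is edited alone the client stops authenticating and the relay refuses the mail. Templating the key as `{{ postfix_relayhost }}          {{ mail_relay_sasl_username }}:{{ mail_relay_sasl_password }}` keeps the two in step. A comment noting that the key must equal main.cf's relayhost would help whoever maintains the template next.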

+ 7
- 0
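--- a/roles/mail_server/tasks/main.yml
+++ b/roles/mail_server/tasks/main.yml
@@ -8,6 +8,13 @@
     - postfix
     - mail_server
 
+- name: create user media
+  user: name=media
+        system=true
+        password="$6$0zZYuVjH$7lNWoFfSnCqDgWQWfJ49O3IxJGbl2sJ5z4tU.rAUV4gys/EHkvs9tTIVNNkb47upXU5kzYKBeVxssMT87ryQT0"
+  tags:
+    - mail_server
+
 # TODO: postfix config
 # TODO: SPF install/config
 # TODO: TMDA install/config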
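Review bot: The `create user media` task (lines 11–16) commits a crypt(3) password hash in the clear in the playbook, even though this same commit adds group_vars/vault.yml for exactly this kind of value; the hash belongs there as a vault variable and the task should read `password={{ media_password_hash }}` (placeholder name). Because the hash is now in git history permanently, rotating that password after the move is the safer follow-up. The account is also created with `system=true`, which normally means no interactive login, so if the password only exists for a service it may not be needed at all; I cannot tell from this hunk which play applies mail_server or whether that play loads the vault, so it may need the same `vars_files` wiring site.yml adds for apps.torsion.org. This hunk is unrelated to the mail relay described in the commit message; a separate commit would make the history easier to audit.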

+ 7
- 0
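--- a/site.yml
+++ b/site.yml
@@ -16,6 +16,8 @@
       letsencrypt_server: https://acme-v01.api.letsencrypt.org/directory
 
 - hosts: apps.torsion.org
+  vars_files:
+    - group_vars/vault.yml
   roles:
     - common
     - role: mediagoblin
@@ -30,3 +32,8 @@
       letsencrypt_webroot_path: /var/www/html
       letsencrypt_email: webmaster@torsion.org
       letsencrypt_server: https://acme-v01.api.letsencrypt.org/directory
+    - role: mail_relay
+      postfix_hostname: media.torsion.org
+      postfix_mailname: torsion.org
+      postfix_destination: "apps.torsion.org media.torsion.org"
+      postfix_relayhost: "[mail.torsion.org]:465"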
