• Stars
    star
    159
  • Rank 235,916 (Top 5 %)
  • Language Jinja
  • License
    MIT License
  • Created over 10 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Ansible role to set up postfix in Debian-like systems

postfix

CI Ansible Galaxy

Set up a postfix server in Debian-like systems.

Requirements

None

Variables

  • postfix_install [default: [postfix, mailutils, libsasl2-2, sasl2-bin, libsasl2-modules]]: Packages to install

  • postfix_hostname [default: {{ ansible_fqdn }}]: Host name, used for myhostname and in mydestination

  • postfix_mailname [default: {{ ansible_fqdn }}]: Mail name (in /etc/mailname), used for myorigin

  • postfix_compatibility_level [optional]: With backwards compatibility turned on (the compatibility_level value is less than the Postfix built-in value), Postfix looks for settings that are left at their implicit default value, and logs a message when a backwards-compatible default setting is required (e.g. 2, Postfix >= 3.0)

  • postfix_default_database_type [default: hash]: The default database type for use in newaliases, postalias and postmap commands

  • postfix_aliases [default: []]: Aliases to ensure present in /etc/aliases

  • postfix_virtual_aliases [default: []]: Virtual aliases to ensure present in /etc/postfix/virtual

  • postfix_sender_canonical_maps [default: []]: Sender address rewriting in /etc/postfix/sender_canonical_maps (see)

  • postfix_sender_canonical_maps_database_type [default: "{{ postfix_default_database_type }}"]: The database type for use in postfix_sender_canonical_maps

  • postfix_recipient_canonical_maps [default: []]: Recipient address rewriting in /etc/postfix/recipient_canonical_maps (see)

  • postfix_recipient_canonical_maps_database_type [default: "{{ postfix_default_database_type }}"]: The database type for use in postfix_recipient_canonical_maps

  • postfix_transport_maps [default: []]: Transport mapping based on recipient address /etc/postfix/transport_maps (see)

  • postfix_transport_maps_database_type [default: "{{ postfix_default_database_type }}"]: The database type for use in postfix_transport_maps

  • postfix_sender_dependent_relayhost_maps [default: []]: Transport mapping based on sender address /etc/postfix/sender_dependent_relayhost_maps (see)

  • postfix_header_checks [default: []]: Lookup tables for content inspection of primary non-MIME message headers /etc/postfix/header_checks (see)

  • postfix_header_checks_database_type [default: regexp]: The database type for use in header_checks

  • postfix_generic [default: postfix_smtp_generic_maps]: Deprecated, use postfix_smtp_generic_maps

  • postfix_smtp_generic_maps [default: []]: Generic table address mapping in /etc/postfix/generic (see)

  • postfix_smtp_generic_maps_database_type [default: "{{ postfix_default_database_type }}"]: The database type for use in smtp_generic_maps

  • postfix_mydestination [default: ["{{ postfix_hostname }}", 'localdomain', 'localhost', 'localhost.localdomain']]: Specifies what domains this machine will deliver locally, instead of forwarding to another machine

  • postfix_mynetworks [default: ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']]: The list of "trusted" remote SMTP clients that have more privileges than "strangers"

  • postfix_inet_interfaces [default: all]: Network interfaces to bind (see)

  • postfix_inet_protocols [default: all]: The Internet protocols Postfix will attempt to use when making or accepting connections (see)

  • postfix_relayhost [default: '' (no relay host)]: Hostname to relay all email to

  • postfix_relayhost_mxlookup [default: false (not using mx lookup)]: Lookup for MX record instead of A record for relayhost

  • postfix_relayhost_port [default: 587]: Relay port (on postfix_relayhost, if set)

  • postfix_relaytls [default: false]: Use TLS when sending with a relay host

  • postfix_smtpd_client_restrictions [optional]: List of client restrictions (see)

  • postfix_smtpd_helo_restrictions [optional]: List of helo restrictions (see)

  • postfix_smtpd_sender_restrictions [optional]: List of sender restrictions (see)

  • postfix_smtpd_recipient_restrictions [optional]: List of recipient restrictions (see)

  • postfix_smtpd_relay_restrictions [optional]: List of access restrictions for mail relay control (see)

  • postfix_smtpd_data_restrictions [optional]: List of data restrictions (see)

  • postfix_sasl_auth_enable [default: true]: Enable SASL authentication in the SMTP client

  • postfix_sasl_user [default: postmaster@{{ ansible_domain }}]: SASL relay username

  • postfix_sasl_password [default: k8+haga4@#pR]: SASL relay password Make sure to change!

  • postfix_sasl_security_options [default: noanonymous]: SMTP client SASL security options

  • postfix_sasl_tls_security_option [default: noanonymous]: SMTP client SASL TLS security options

  • postfix_sasl_mechanism_filter [default: '']: SMTP client SASL authentication mechanism filter (see)

  • postfix_smtp_tls_security_level [default: encrypt]: The default SMTP TLS security level for the Postfix SMTP client (see)

  • postfix_smtp_tls_wrappermode [default: false]: Request that the Postfix SMTP client connects using the legacy SMTPS protocol instead of using the STARTTLS command (see)

  • postfix_smtp_tls_note_starttls_offer [default: true]: Log the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already enabled for that server (see)

  • postfix_smtp_tls_cafile [optional]: A file containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates (e.g. /etc/ssl/certs/ca-certificates.crt)

  • postfix_smtpd_banner [default: $myhostname ESMTP $mail_name (Ubuntu)]: Greeting banner You MUST specify $myhostname at the start of the text. This is required by the SMTP protocol.

  • postfix_disable_vrfy_command [default: true]: Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses

  • postfix_message_size_limit [default: 10240000]: The maximal size in bytes of a message, including envelope information

  • postfix_smtpd_tls_cert_file [default: /etc/ssl/certs/ssl-cert-snakeoil.pem]: Path to certificate file

  • postfix_smtpd_tls_key_file [default: /etc/ssl/certs/ssl-cert-snakeoil.key]: Path to key file

  • postfix_raw_options [default: []]: List of lines (to pass extra (unsupported) configuration)

Dependencies

  • debconf
  • debconf-utils

Example(s)

A simple example that doesn't use SASL relaying:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: [email protected]

A simple example with virtual aliases for mail forwarding that doesn't use SASL relaying:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_mydestination:
      - "{{ postfix_hostname }}"
      - '$mydomain'
      - localdomain
      - localhost
      - localhost.localdomain
    postfix_virtual_aliases:
      - virtual: [email protected]
        alias: [email protected]
      - virtual: [email protected]
        alias: [email protected], [email protected]

A simple example that rewrites the sender address:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_sender_canonical_maps:
      - sender: root
        rewrite: [email protected]

Provide the relay host name if you want to enable relaying:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: [email protected]
    postfix_relayhost: mail.yourdomain.org

Provide the relay domain name and use MX records if you want to enable relaying to DNS MX records of a domain:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: [email protected]
    postfix_relayhost: yourdomain.org
    postfix_relayhost_mxlookup: true

Conditional relaying:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_transport_maps:
      - pattern: '[email protected]'
        result: ':'
      - pattern: '*'
        result: "smtp:{{ ansible_lo['ipv4']['address'] }}:1025"
    postfix_sender_dependent_relayhost_maps:
      - pattern: '[email protected]'
        result: 'DUNNO'
      - pattern: '[email protected]'
        result: 'DUNNO'
      - pattern: '*'
        result: "smtp:{{ ansible_lo['ipv4']['address'] }}:1025"

For AWS SES support:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: [email protected]
    postfix_relayhost: email-smtp.us-east-1.amazonaws.com
    postfix_relaytls: true
    # AWS IAM SES credentials (not access key):
    postfix_sasl_user: AKIXXXXXXXXXXXXXXXXX
    postfix_sasl_password: ASDFXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

For MailHog support:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: [email protected]
    postfix_relayhost: "{{ ansible_lo['ipv4']['address'] }}"
    postfix_relayhost_port: 1025
    postfix_sasl_auth_enable: false

For Gmail support:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: [email protected]
    postfix_relayhost: smtp.gmail.com
    postfix_relaytls: true
    postfix_smtp_tls_cafile: /etc/ssl/certs/ca-certificates.crt
    postfix_sasl_user: 'foo'
    postfix_sasl_password: 'bar'

If you configure your Google account for extra security to use the 2-step verification, then postfix won't send out emails anymore and you might notice error messages in the /var/log/mail.log file

To fix this issue, you need to visit the (Authorizing applications & sites) page under your Google Account settings. On this page enter the name of the application to be authorized (Postfix) and click on Generate button. Set the postfix_sasl_password variable with the password generated by this page.

A simple example that shows how to add some raw config:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_raw_options:
      - |
        milter_default_action = accept
        milter_protocol = 6
        smtpd_milters = unix:opendkim/opendkim.sock unix:opendmarc/opendmarc.sock unix:spamass/spamass.sock unix:clamav/clamav-milter.ctl
        milter_connect_macros = "i j {daemon_name} v {if_name} _"
        policyd-spf_time_limit = 3600

License

MIT

Author Information

Mischa ter Smitten

Feedback, bug-reports, requests, ...

Are welcome!

More Repositories

1

ansible-haproxy

Ansible role to set up (the latest version of) HAProxy in Ubuntu systems
Jinja
121
star
2

ansible-wordpress

Ansible role to set up (multiple) wordpress installations in Debian-like systems (using wp-cli)
Shell
76
star
3

ansible-ufw

Ansible role to set up ufw in Debian-like systems
Jinja
47
star
4

ansible-percona-server

Ansible role to set up percona-server server in Debian-like systems
Jinja
45
star
5

ansible-r

Ansible role to set up (the latest version of) R in Ubuntu systems
R
42
star
6

ansible-keepalived

Ansible role to set up keepalived in Debian-like systems
Jinja
35
star
7

ansible-supervisor

Ansible role to set up (the latest or a specific version of) supervisor in Debian-like systems
Jinja
35
star
8

ansible-locales

Ansible role to set up locales in Debian-like systems
Jinja
33
star
9

php-statistics

Statistics library for PHP
PHP
32
star
10

damerau-levenshtein

Get text similarity level with Damerau-Levenshtein distance
PHP
32
star
11

ansible-ssh-keys

Ansible role to manage ssh keys in Debian-like systems
Dockerfile
29
star
12

ansible-dnsmasq

Ansible role to set up Dnsmasq in Debian-like systems
Dockerfile
27
star
13

ansible-apt

Ansible role to manage packages and up(date|grade)s in Debian-like systems
Jinja
24
star
14

ansible-pycharm

Ansible role to set up PyCharm
Dockerfile
16
star
15

ansible-duply-backup

Ansible role to set up backups using duply in Debian-like systems
Jinja
15
star
16

ansible-nodejs

Ansible role to set up the latest version of Node.js and npm in Debian-like systems
Dockerfile
15
star
17

ansible-autossh-tunnel-client

Set up a persistent tunnel (using autossh) in Ubuntu systems (client side)
Shell
15
star
18

ansible-sysctl

Ansible role to manage sysctl settings
Dockerfile
13
star
19

ansible-percona-server-tools

Ansible role to manage percona-server server (or any other flavour of MySQL) in Debian-like systems
Dockerfile
12
star
20

ansible-rsyslog

Ansible role to manage rsyslog and rsyslog.d in Debian-like systems
Jinja
11
star
21

ansible-tinyproxy

Ansible role to set up tinyproxy in Debian-like systems
Dockerfile
11
star
22

ansible-snmpd

Ansible role to set up snmp(d) in Debian-like systems
Jinja
10
star
23

ansible-rstudio-server

Ansible role to set up (the latest version of) RStudio server in Debian-like systems
Dockerfile
10
star
24

ansible-autossh-tunnel-server

Set up a persistent tunnel (using autossh) in Debian-like systems (server side)
Dockerfile
10
star
25

ansible-ssh-server

Ansible role to set up an OpenSSH server in Debian-like systems
Jinja
10
star
26

ansible-sudoers

Ansible role to manage sudoers and sudoers.d in Debian-like systems
Jinja
9
star
27

ansible-user

Ansible role to manage user and group accounts
Dockerfile
9
star
28

ansible-ca-certificates

Ansible role to manage ca-certificates in Debian-like systems
Dockerfile
9
star
29

ansible-mydumper

Ansible role to set up the latest version of mydumper
Dockerfile
8
star
30

ansible-percona-toolkit

Ansible role to set up percona-toolkit in Debian-like systems
Shell
8
star
31

ansible-logrotated

Ansible role to manage logrotate and logrotate.d in Debian-like systems
Jinja
7
star
32

ansible-shiny-server

Ansible role to set up (the latest version of) Shiny server in Debian-like systems
Dockerfile
7
star
33

ansible-bash

Set up bash in Debian-like systems
Jinja
7
star
34

ansible-virtualbox

Ansible role to set up VirtualBox in Debian-like systems
Dockerfile
7
star
35

ansible-logcheck

Ansible role to set up logcheck in Debian-like systems
Jinja
6
star
36

ansible-nagios-server

Ansible role to set up nagios in Debian-like systems (server side)
Jinja
6
star
37

ansible-packer-io

Ansible role to set up Packer by HashiCorp in Debian-like systems
Dockerfile
6
star
38

ansible-rc-local

Ansible role to manage rc.local in Debian-like systems
Dockerfile
6
star
39

ansible-rstudio

Ansible role to set up (the latest version of) RStudio (IDE) in Ubuntu systems
Dockerfile
6
star
40

ansible-vim

Ansible role to set up vim in Debian-like systems
Dockerfile
6
star
41

ansible-htop

Ansible role to set up htop in Debian-like systems
Dockerfile
6
star
42

ansible-duplicity

Ansible role to set up (the latest version of) duplicity in Ubuntu systems
Dockerfile
6
star
43

ansible-ssh-client

Ansible role to set up an OpenSSH client in Debian-like systems
Jinja
5
star
44

cakephp-redis

Redis (DataSource) Plugin for CakePHP
PHP
5
star
45

ansible-nano

Ansible role to set up nano in Debian-like systems
Jinja
5
star
46

ansible-duply

Ansible role to set up (the latest version of) duply in Debian-like systems
Dockerfile
5
star
47

ansible-phpredis

Ansible role to set up PhpRedis in Debian-like systems
Dockerfile
5
star
48

ansible-yarn

Ansible role to set up (the latest version of) Yarn in Debian-like systems
Dockerfile
5
star
49

ansible-netbeans-ide

Ansible role to set up NetBeans IDE in Debian-like systems
Dockerfile
5
star
50

ansible-conntrack

Ansible role to manage (nf_)conntrack in Debian-like systems
Dockerfile
5
star
51

ansible-packer-template

Ansible role to build Debian-like Virtualbox images using Packer
Dockerfile
4
star
52

nanorc

Syntax highlighting definitions for nano
Makefile
4
star
53

ansible-updatedb

Ansible role to manage updatedb in Debian-like systems
Dockerfile
4
star
54

cakephp-social-media

A minimalistic SocialMedia Plugin for CakePHP
PHP
4
star
55

ansible-oracle-java

Ansible role to set up (the latest version of) oracle-java in Ubuntu systems
Dockerfile
4
star
56

ansible-rsync-sync

Ansible role to perform synchronization using rsync
Dockerfile
4
star
57

ansible-mydumper-backup

Ansible role to perform backups using mydumper
Shell
4
star
58

ansible-php-cli-ondrej

Ansible role to set up PHP Cli in Ubuntu systems (using Ondřej Surý's ppa)
Jinja
4
star
59

ansible-vagrant

Ansible role to set up Vagrant in Debian-like systems
Dockerfile
4
star
60

ansible-mailcatcher

Ansible role to set up (the latest version of) MailCatcher in Ubuntu systems
Jinja
4
star
61

ansible-nfs-client

Ansible role to set up NFS in Debian-like systems (client side)
Dockerfile
4
star
62

ansible-megacli

Ansible role to set up megacli in Debian-like systems
Dockerfile
4
star
63

ansible-virtualenv

Ansible role to set up (the latest version of) virtualenv(wrapper) in Debian-like systems
Dockerfile
4
star
64

ansible-hipchat

Ansible role to set up HipChat in Debian-like systems
Dockerfile
4
star
65

ansible-nagios-plugin-percona

Ansible role to set up the percona monitoring plugins for nagios in Debian-like systems
Dockerfile
3
star
66

ansible-pip

Ansible role to set up (the latest version of) pip, wheel and setuptools in Debian-like systems
Dockerfile
3
star
67

ansible-memtier-benchmark

Ansible role to set up memtier_benchmark in Debian-like systems
Dockerfile
3
star
68

ansible-socat

Ansible role to set up (the latest version of) socat in Debian-like systems
Dockerfile
3
star
69

ansible-haproxyctl

Ansible role to set up (the latest version of) HAProxyCTL in Debian-like systems
Dockerfile
3
star
70

ansible-twisted-connect-proxy

Ansible role to set up (the latest version of) twisted-connect-proxy in Ubuntu systems
Shell
3
star
71

ansible-phpstorm

Ansible role to set up PhpStorm
Dockerfile
3
star
72

ansible-slack

Ansible role to set up Slack in Debian-like systems
Dockerfile
3
star
73

ansible-top

Ansible role to set up top in Debian-like systems
Dockerfile
3
star
74

ansible-dropbox

Ansible role to set up Dropbox in Debian-like systems
Dockerfile
3
star
75

ansible-apparmor

Ansible role to remove apparmor in Debian-like systems
Dockerfile
3
star
76

r-database

Establish a database SQL connection between databases and R
R
3
star
77

ansible-tsocks

Ansible role to set up tsocks in Debian-like systems
Jinja
3
star
78

ansible-screen

Ansible role to set up screen in Debian-like systems
Dockerfile
3
star
79

ansible-cacti-client

Ansible role to set up cacti in Debian-like systems (client side)
Dockerfile
3
star
80

ansible-nginx

Ansible role to set up (the latest version of) NGINX in Debian-like systems
Jinja
3
star
81

ansible-run-parts

Ansible role to manage run-parts (and scripts) in Debian-like systems
Dockerfile
3
star
82

ansible-innotop

Ansible role to set up innotop in Debian-like systems
Dockerfile
3
star
83

ansible-mailhog

Ansible role to set up (the latest version of) MailHog in Ubuntu systems
Shell
3
star
84

ansible-fonts

Ansible role to set up fonts in Debian-like systems
Dockerfile
3
star
85

ansible-xxhash

Ansible role to set up xxHash in Debian-like systems
Dockerfile
3
star
86

ansible-netcat

Ansible role to set up netcat in Debian-like systems
Dockerfile
3
star
87

cakephp-vat-number-check

A VAT number check Plugin for CakePHP
PHP
3
star
88

ansible-komodo-ide

Ansible role to set up Komodo IDE in Debian-like systems
Dockerfile
3
star
89

ansible-hp-proliant-support-pack

Ansible role to set up HP proliant support pack in Ubuntu systems
Dockerfile
3
star
90

ansible-mariadb-client

Ansible role to set up mariadb-server client in Debian-like systems
Jinja
2
star
91

ansible-docker-machine

Ansible role to set up (the latest or a specific version of) Docker Machine in Debian-like systems
Dockerfile
2
star
92

ansible-siege

Ansible role to set up siege in Debian-like systems
Jinja
2
star
93

ansible-ansible

Ansible role to set up (the latest version of) Ansible in Debian-like systems
Dockerfile
2
star
94

ansible-nfs-server

Ansible role to set up NFS in Debian-like systems (server side)
Dockerfile
2
star
95

ansible-gnu-parallel

Ansible role to set up GNU Parallel in Debian-like systems
Dockerfile
2
star
96

ansible-pflogsumm

Ansible role to set up pflogsumm in Debian-like systems
Dockerfile
2
star
97

cakephp-edexml

An Edexml parser / validator Plugin for CakePHP
PHP
2
star
98

ansible-mainwp-crons

Ansible role to manage cron jobs related to MainWP
Dockerfile
2
star
99

ansible-nagios-client

Ansible role to set up nagios in Debian-like systems (client side)
Dockerfile
2
star
100

ansible-adminer

Ansible role to set up the latest version of adminer
Dockerfile
2
star