Possibilité de faire relayer par postfix les messages système via un relai avec authentification sasl

2024-01-13 20:13:53 +01:00 · 2024-01-13 20:13:53 +01:00 · 815c6a1565
commit 815c6a1565
parent 067fce5e3c
4 changed files with 37 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,5 +1,9 @@
 ---
 common_postfix_mail_relay: mail.{{ common_searchdomain }}
 common_postfix_mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+common_postfix_sender_canonical_maps: ""
+common_postfix_recipient_canonical_maps: ""
+common_postfix_configure_sasl: false
 common_X11Forwarding: false
 common_swappiness: 5
+
--- a/tasks/configure_postfix_relay.yml
+++ b/tasks/configure_postfix_relay.yml
@ -8,7 +8,9 @@

 - name: Installation postfix
  package:
-    name: postfix
+    name:
+      - postfix
+      - libsasl2-modules
    state: present

 - name: Configuration postfix
@ -18,6 +20,21 @@
  notify:
    - restart postfix

+- name: Configuration postfix
+  template:
+    src: sasl-password-map
+    dest: /etc/postfix/sasl-password-map
+    mode: 0600
+    owner: root
+    group: root
+  register: _sasl_password_map
+  when: common_postfix_configure_sasl is true
+
+- shell: |
+    cd /etc/postfix/
+    postmap sasl-password-map
+  when: common_postfix_configure_sasl is true and _sasl_password_map.changed
+
 - name: Configuration aliases postfix
  template:
    src: aliases.j2
@ -38,7 +55,7 @@
    mode: 0755
    create: yes
    block: |
-      # A completer
+      {{ common_postfix_sender_canonical_maps }}
  register: sender_canonical_maps_regexp

 - name: Configure recipient_canonical_maps_regexp
@ -50,7 +67,7 @@
    mode: 0755
    create: yes
    block: |
-      # A completer
+      {{ common_postfix_recipient_canonical_maps }}
  register: recipiend_canonical_maps_regexp

 - name: postmap
--- a/templates/postfix-main.cf.j2
+++ b/templates/postfix-main.cf.j2
@ -12,7 +12,11 @@ compatibility_level = 2
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
+{% if common_postfix_configure_sasl is true %}
+relayhost = [{{ common_postfix_mail_relay }}]:587
+{% else %}
 relayhost = {{ common_postfix_mail_relay }}
+{% endif %}
 mynetworks = {{ common_postfix_mynetworks }}
 inet_interfaces = localhost
 inet_protocols = all
@ -20,3 +24,10 @@ inet_protocols = all
 # reecritures d'adresses si besoin
 sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps_regexp
 recipient_canonical_maps = regexp:/etc/postfix/recipient_canonical_maps_regexp
+
+{% if common_postfix_configure_sasl is true %}
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl-password-map
+smtp_sasl_security_options = noanonymous
+smtp_tls_security_level = encrypt
+{% endif %}
--- a/templates/sasl-password-map
+++ b/templates/sasl-password-map
@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+{{ common_postfix_mail_relay }}  {{ common_postfix_sasl_login }}:{{ common_postfix_sasl_password }}