From 815c6a1565d30de7213a57303930ff3420348397 Mon Sep 17 00:00:00 2001 From: Olivier Navas Date: Sat, 13 Jan 2024 20:13:53 +0100 Subject: [PATCH] =?UTF-8?q?Possibilit=C3=A9=20de=20faire=20relayer=20par?= =?UTF-8?q?=20postfix=20les=20messages=20syst=C3=A8me=20via=20un=20relai?= =?UTF-8?q?=20avec=20authentification=20sasl?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- defaults/main.yml | 4 ++++ tasks/configure_postfix_relay.yml | 23 ++++++++++++++++++++--- templates/postfix-main.cf.j2 | 11 +++++++++++ templates/sasl-password-map | 2 ++ 4 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 templates/sasl-password-map diff --git a/defaults/main.yml b/defaults/main.yml index 8328bca..6bb5696 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,9 @@ --- common_postfix_mail_relay: mail.{{ common_searchdomain }} common_postfix_mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +common_postfix_sender_canonical_maps: "" +common_postfix_recipient_canonical_maps: "" +common_postfix_configure_sasl: false common_X11Forwarding: false common_swappiness: 5 + diff --git a/tasks/configure_postfix_relay.yml b/tasks/configure_postfix_relay.yml index 230c685..1a22d6f 100644 --- a/tasks/configure_postfix_relay.yml +++ b/tasks/configure_postfix_relay.yml @@ -8,7 +8,9 @@ - name: Installation postfix package: - name: postfix + name: + - postfix + - libsasl2-modules state: present - name: Configuration postfix @@ -18,6 +20,21 @@ notify: - restart postfix +- name: Configuration postfix + template: + src: sasl-password-map + dest: /etc/postfix/sasl-password-map + mode: 0600 + owner: root + group: root + register: _sasl_password_map + when: common_postfix_configure_sasl is true + +- shell: | + cd /etc/postfix/ + postmap sasl-password-map + when: common_postfix_configure_sasl is true and _sasl_password_map.changed + - name: Configuration aliases postfix template: src: aliases.j2 
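Review bot: In the defaults/main.yml hunk, `common_postfix_configure_sasl` gets a default, but the two variables that templates/sasl-password-map reads, `common_postfix_sasl_login` and `common_postfix_sasl_password`, are declared and documented nowhere in this patch. A placeholder password in defaults would be worse than leaving them undefined, so I would keep them undefined and document the requirement above the new switch: `# common_postfix_sasl_login / common_postfix_sasl_password: required when common_postfix_configure_sasl is true; supply them from Ansible Vault, intentionally no default`. The two `*_canonical_maps` variables would also benefit from a one-line comment saying they hold the regexp table lines inserted by the blockinfile tasks.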
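Review bot: The new template task that writes /etc/postfix/sasl-password-map (second hunk of tasks/configure_postfix_relay.yml) renders the relay login and password but has no `no_log: true`, so a run with `--diff` can print the rendered credential line to the console and to any captured job log. Adding `no_log: true` (or at least `diff: false`) to that task keeps the secret out of the output. The task also reuses the name "Configuration postfix" from the task just above it, and the postmap step is an unnamed `shell` block. A named `command: postmap /etc/postfix/sasl-password-map` avoids the shell and the `cd`. Because postmap runs only when the template reports `changed`, a first run that fails at postmap leaves no .db file and later runs will not rebuild it; a handler or a `creates:`-style guard would cover that case.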
@@ -38,7 +55,7 @@ mode: 0755 create: yes block: | - # A completer + {{ common_postfix_sender_canonical_maps }} register: sender_canonical_maps_regexp - name: Configure recipient_canonical_maps_regexp @@ -50,7 +67,7 @@ mode: 0755 create: yes block: | - # A completer + {{ common_postfix_recipient_canonical_maps }} register: recipiend_canonical_maps_regexp - name: postmap diff --git a/templates/postfix-main.cf.j2 b/templates/postfix-main.cf.j2 index 8013dca..93ac03f 100644 --- a/templates/postfix-main.cf.j2 +++ b/templates/postfix-main.cf.j2 @@ -12,7 +12,11 @@ compatibility_level = 2 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases +{% if common_postfix_configure_sasl is true %} +relayhost = [{{ common_postfix_mail_relay }}]:587 +{% else %} relayhost = {{ common_postfix_mail_relay }} +{% endif %} mynetworks = {{ common_postfix_mynetworks }} inet_interfaces = localhost inet_protocols = all @@ -20,3 +24,10 @@ inet_protocols = all # reecritures d'adresses si besoin sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps_regexp recipient_canonical_maps = regexp:/etc/postfix/recipient_canonical_maps_regexp + +{% if common_postfix_configure_sasl is true %} +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/etc/postfix/sasl-password-map +smtp_sasl_security_options = noanonymous +smtp_tls_security_level = encrypt +{% endif %} diff --git a/templates/sasl-password-map b/templates/sasl-password-map new file mode 100644 index 0000000..7f05298 --- /dev/null +++ b/templates/sasl-password-map @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +{{ common_postfix_mail_relay }} {{ common_postfix_sasl_login }}:{{ common_postfix_sasl_password }}
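Review bot: The `common_postfix_configure_sasl is true` test around `relayhost` in templates/postfix-main.cf.j2 only matches a real boolean. If the variable arrives as a string (for example via `-e common_postfix_configure_sasl=true`), the else branch is rendered and the host relays without authentication, with no error. `{% if common_postfix_configure_sasl | bool %}` accepts both forms. The same test appears in the second block of this template and in the two `when:` conditions in tasks/configure_postfix_relay.yml. Port 587 is hard-coded in the same line; a variable with 587 as its default would keep the behaviour and make the port configurable.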
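Review bot: In the SASL block appended to templates/postfix-main.cf.j2, `smtp_tls_security_level = encrypt` makes TLS mandatory but does not verify the relay's certificate, so a host that can intercept the connection can present any certificate and receive the SASL credentials. Since this block exists to send a password, I would use `smtp_tls_security_level = verify` (or `secure`) together with a trust store, e.g. `smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt`. That path assumes a Debian-family host, which the `libsasl2-modules` package name suggests. A short comment above the block explaining why verification is required would help the next maintainer.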
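Review bot: The lookup key written in templates/sasl-password-map is the bare `{{ common_postfix_mail_relay }}`, while `relayhost` in postfix-main.cf.j2 is rendered as `[{{ common_postfix_mail_relay }}]:587`. Postfix's SASL documentation asks for the same form, brackets and port included, in `smtp_sasl_password_maps`. The bare name may still match through the remote-hostname lookup, but that depends on the name the server is reached under. Using the identical form removes the doubt: `[{{ common_postfix_mail_relay }}]:587 {{ common_postfix_sasl_login }}:{{ common_postfix_sasl_password }}`. The file also lacks the `.j2` suffix that the other templates in this role carry.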