libretic
/
ansible-role-common
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Possibilité de faire relayer par postfix les messages système via un relai avec authentification sasl

This commit is contained in:
Navas 2024-01-13 20:13:53 +01:00
parent 067fce5e3c
commit 815c6a1565
4 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
defaults/main.yml
View File

@ -1,5 +1,9 @@
--- ---
common_postfix_mail_relay: mail.{{ common_searchdomain }} common_postfix_mail_relay: mail.{{ common_searchdomain }}
common_postfix_mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 common_postfix_mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
common_postfix_sender_canonical_maps: ""
common_postfix_recipient_canonical_maps: ""
common_postfix_configure_sasl: false
common_X11Forwarding: false common_X11Forwarding: false
common_swappiness: 5 common_swappiness: 5

23
tasks/configure_postfix_relay.yml
View File

@ -8,7 +8,9 @@
- name: Installation postfix - name: Installation postfix
package: package:
name: postfix name:
- postfix
- libsasl2-modules
state: present state: present
- name: Configuration postfix - name: Configuration postfix
@ -18,6 +20,21 @@
notify: notify:
- restart postfix - restart postfix
- name: Configuration postfix
template:
src: sasl-password-map
dest: /etc/postfix/sasl-password-map
mode: 0600
owner: root
group: root
register: _sasl_password_map
when: common_postfix_configure_sasl is true
- shell: |
cd /etc/postfix/
postmap sasl-password-map
when: common_postfix_configure_sasl is true and _sasl_password_map.changed
- name: Configuration aliases postfix - name: Configuration aliases postfix
template: template:
src: aliases.j2 src: aliases.j2
@ -38,7 +55,7 @@
mode: 0755 mode: 0755
create: yes create: yes
block: | block: |
# A completer {{ common_postfix_sender_canonical_maps }}
register: sender_canonical_maps_regexp register: sender_canonical_maps_regexp
- name: Configure recipient_canonical_maps_regexp - name: Configure recipient_canonical_maps_regexp
@ -50,7 +67,7 @@
mode: 0755 mode: 0755
create: yes create: yes
block: | block: |
# A completer {{ common_postfix_recipient_canonical_maps }}
register: recipiend_canonical_maps_regexp register: recipiend_canonical_maps_regexp
- name: postmap - name: postmap

11
templates/postfix-main.cf.j2
View File

@ -12,7 +12,11 @@ compatibility_level = 2
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases alias_database = hash:/etc/aliases
{% if common_postfix_configure_sasl is true %}
relayhost = [{{ common_postfix_mail_relay }}]:587
{% else %}
relayhost = {{ common_postfix_mail_relay }} relayhost = {{ common_postfix_mail_relay }}
{% endif %}
mynetworks = {{ common_postfix_mynetworks }} mynetworks = {{ common_postfix_mynetworks }}
inet_interfaces = localhost inet_interfaces = localhost
inet_protocols = all inet_protocols = all
@ -20,3 +24,10 @@ inet_protocols = all
# reecritures d'adresses si besoin # reecritures d'adresses si besoin
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps_regexp sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps_regexp
recipient_canonical_maps = regexp:/etc/postfix/recipient_canonical_maps_regexp recipient_canonical_maps = regexp:/etc/postfix/recipient_canonical_maps_regexp
{% if common_postfix_configure_sasl is true %}
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl-password-map
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
{% endif %}

2
templates/sasl-password-map Normal file
View File

@ -0,0 +1,2 @@
# {{ ansible_managed }}
{{ common_postfix_mail_relay }} {{ common_postfix_sasl_login }}:{{ common_postfix_sasl_password }}