#1 - Define postfix_mynetworks as variable to adjust with local nets

Luciano Giacchetta 2025-07-29 18:53:19 -03:00
parent 347849efa0
commit 98315f8738
3 changed files with 15 additions and 10 deletions


@ -27,18 +27,19 @@ The role's behavior can be customized using the following variables. The default
| Variable | Default Value | Description |
| :---- | :---- | :---- |
| postfix\_relayhost | "" (empty string) | **Required.** The smarthost for relaying all mail. Use square brackets \[\] to prevent MX lookups (e.g., \[smtp.sendgrid.net\]:587). |
| postfix\_relayhost\_user | (undefined) | The username for SASL authentication with the smarthost. If defined with a password, SASL auth will be enabled. |
| postfix\_relayhost\_password | (undefined) | The password or API key for the smarthost user. **It** is strongly recommended to store this in Ansible **Vault.** |
| postfix\_mail\_domain | \`{{ ansible\_domain | default('internal.local') }}\` |
| postfix\_myhostname | mail.{{ postfix\_mail\_domain }} | The fully qualified domain name (FQDN) of the mail server itself (e.g., mail.example.com). |
| postfix\_mydestination | $myhostname, localhost... | A comma-separated list of domains this server will accept mail for. The default is usually sufficient for an internal relay. |
| postfix\_inet\_interfaces | all | The network interfaces Postfix listens on. Set to loopback-only to only accept mail from the server itself. |
| postfix\_inet\_protocols | all | The IP protocols to use (ipv4, ipv6, or all). |
| postfix_relayhost | "" (empty string) | **Required.** The smarthost for relaying all mail. Use square brackets [] to prevent MX lookups (e.g., \[smtp.sendgrid.net\]:587). |
| postfix_relayhost_user | (undefined) | The username for SASL authentication with the smarthost. If defined with a password, SASL auth will be enabled. |
| postfix_relayhost_password | (undefined) | The password or API key for the smarthost user. **It** is strongly recommended to store this in Ansible **Vault.** |
| postfix_mail_domain | `{{ ansible_domain \| default('internal.local') }}` | The primary mail domain for this server |
| postfix_myhostname | `mail.{{ postfix_mail_domain }}` | The fully qualified domain name (FQDN) of the mail server itself (e.g., mail.example.com). |
| postfix_mydestination | `$myhostname, localhost.{{ postfix_mail_domain }}, localhost, {{ postfix_mail_domain }}` | A comma-separated list of domains this server will accept mail for. The default is usually sufficient for an internal relay. |
| postfix_mynetworks | `"127.0.0.0/8 [::1]/128"` | The list of "trusted" remote SMTP clients that have more privileges than "strangers"|
| postfix_inet_interfaces | all | The network interfaces Postfix listens on. Set to loopback-only to only accept mail from the server itself. |
| postfix_inet_protocols | all | The IP protocols to use (ipv4, ipv6, or all). |
### **SASL Authentication**
SASL authentication for the smarthost is **automatically enabled** if both postfix\_relayhost\_user and postfix\_relayhost\_password are defined. If they are not defined, Postfix will attempt to send mail without authentication.
SASL authentication for the smarthost is **automatically enabled** if both postfix_relayhost_user and postfix_relayhost_password are defined. If they are not defined, Postfix will attempt to send mail without authentication.
## **Dependencies**
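Review bot: The new postfix_mynetworks row in the variables table gives neither the value format nor the consequence of widening it. State that the value is a single space-separated string of CIDR blocks, as in the default `"127.0.0.0/8 [::1]/128"`, and that clients in these networks are the ones Postfix treats as trusted for relaying, so their mail goes out through postfix_relayhost with the configured SASL credentials. Since postfix_inet_interfaces defaults to all, the README should also say that this variable, not the listening interface, decides who may relay, and that only the specific subnets that need to send mail belong in it. The row is also missing its closing period and the space before the final pipe.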


@ -22,6 +22,9 @@ postfix_myhostname: "mail.{{ postfix_mail_domain }}"
# It's critical that this includes the server's own hostname and mail domain.
postfix_mydestination: "$myhostname, localhost.{{ postfix_mail_domain }}, localhost, {{ postfix_mail_domain }}"
# The list of "trusted" remote SMTP clients that have more privileges than "strangers".
postfix_mynetworks: "127.0.0.0/8 [::1]/128"
# The relayhost (smarthost) for all outgoing mail.
# This variable MUST be set for the role to work as intended.
# Example: "[smtp.sendgrid.net]:587"
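Review bot: The default on the `postfix_mynetworks: "127.0.0.0/8 [::1]/128"` line is not the value the main.cf template hard-coded before this commit, which also listed `[::ffff:127.0.0.0]/104`. Hosts that apply the role without overriding the variable will therefore get a different mynetworks than before. Either keep the previous three-entry value as the default or call out the change in the commit message. The comment above the variable could also state the expected format (one space-separated string of CIDR blocks) and advise against broad ranges.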


@ -19,13 +19,14 @@ recipient_delimiter = +
# For a production server, replace snakeoil with real certificates.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtpd_use_tls=yes
# Host and domain configuration
myhostname = {{ postfix_myhostname }}
myorigin = /etc/mailname
mydestination = {{ postfix_mydestination }}
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = {{ postfix_mynetworks }}
# Relayhost (smarthost) configuration
# All outgoing mail will be sent through this host. This is the only
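Review bot: The `mynetworks = {{ postfix_mynetworks }}` line writes the variable into main.cf with no validation. The README describes it as a list, and a value supplied as a YAML list would be rendered by Jinja2 in Python list syntax rather than as space-separated networks. A catch-all such as 0.0.0.0/0 would also be written as-is and mark every client as trusted. Consider documenting that the variable must be a string, and adding an assert before the template task that rejects an empty value or a catch-all network.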