50 lines
1.6 KiB
Django/Jinja
50 lines
1.6 KiB
Django/Jinja
# This Jinja2 template is used to generate the /etc/postfix/main.cf file.
|
|
# It uses variables to make the role reusable.
|
|
#
|
|
# See: https://www.postfix.org/postconf.5.html
|
|
#
|
|
# Ansible managed: {{ ansible_managed }}
|
|
#
|
|
# Basic configuration
|
|
smtpd_banner = $myhostname ESMTP
|
|
biff = no
|
|
append_dot_mydomain = no
|
|
readme_directory = no
|
|
compatibility_level = 3.6
|
|
inet_protocols = {{ postfix_inet_protocols }}
|
|
inet_interfaces = {{ postfix_inet_interfaces }}
|
|
recipient_delimiter = +
|
|
|
|
# TLS parameters for incoming connections
|
|
# For a production server, replace snakeoil with real certificates.
|
|
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
|
smtpd_use_tls=yes
|
|
|
|
# Host and domain configuration
|
|
myhostname = {{ postfix_myhostname }}
|
|
myorigin = /etc/mailname
|
|
mydestination = {{ postfix_mydestination }}
|
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
|
|
|
# Relayhost (smarthost) configuration
|
|
# All outgoing mail will be sent through this host. This is the only
|
|
# supported outbound method in this configuration.
|
|
relayhost = {{ postfix_relayhost }}
|
|
|
|
# SASL configuration for the relayhost (if credentials are provided)
|
|
{% if postfix_relayhost_user is defined and postfix_relayhost_password is defined %}
|
|
smtp_sasl_auth_enable = yes
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
|
smtp_sasl_security_options = noanonymous
|
|
# Use 'encrypt' for services like Gmail/O365 that require TLS
|
|
smtp_tls_security_level = encrypt
|
|
{% else %}
|
|
# If no auth, 'may' is a safe default for opportunistic TLS
|
|
smtp_tls_security_level = may
|
|
{% endif %}
|
|
|
|
# Other settings
|
|
alias_maps = hash:/etc/aliases
|
|
alias_database = hash:/etc/aliases
|