
added ansible-playbooks/forward.yml

Fabian Peter Hammerle 4 years ago
parent
commit
4772cba6af
1 changed files with 82 additions and 0 deletions
  1. 82 0
      ansible-playbooks/forward.yml

+ 82 - 0
ansible-playbooks/forward.yml

@@ -0,0 +1,82 @@
+- hosts: [forward.example.com]
+  become: true
+  vars:
+    virtual_alias_domains:
+    - example.co
+    - example.com
+    - example.info
+  tasks:
+  - docker_network:
+      name: mail
+  - docker_volume:
+      volume_name: postfix_config
+    register: config_volume
+  - docker_volume:
+      volume_name: postfix_queue
+    register: queue_volume
+  - stat:
+      path: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}'
+    register: config_volume_stat
+  - name: create virtual alias map
+    copy:
+      # http://www.postfix.org/virtual.5.html
+      content: |
+        alice@example.co alice@gmail.com
+        office@example.info alice@gmail.com
+        bob@example.co bob@gmail.com
+        bob@example.com bob@gmail.com
+      dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/virtual'
+      mode: u=r,g=,o=
+      # workaround if userns remapping enabled
+      # postmap: fatal: open /etc/postfix/virtual.db: Permission denied
+      owner: '{{ config_volume_stat.stat.uid }}'
+    register: virtual_alias_map
+  - name: create config
+    copy:
+      content: |
+        # $myhostname prefix is a RFC requirement
+        smtpd_banner = $myhostname ESMTP $mail_name quid agis?
+
+        # http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
+        smtpd_relay_restrictions = reject_non_fqdn_recipient, reject_unauth_destination
+        mydestination =
+        # http://www.postfix.org/VIRTUAL_README.html#virtual_alias
+        virtual_alias_domains = {{ virtual_alias_domains | join(', ') }}
+        virtual_alias_maps = hash:/etc/postfix/virtual
+
+        # include TLS protocol & cipher in 'Received' header
+        smtpd_tls_received_header = yes
+
+        # bytes
+        message_size_limit = {{ 32 * 1024 * 1024 }}
+
+        smtp_tls_security_level = encrypt
+        # docs recommend against whitelist
+        smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+        smtp_tls_session_cache_database = btree:${data_directory}/smtp-tls-session-cache
+
+        # http://www.postfix.org/MAILLOG_README.html
+        maillog_file = /dev/stdout
+
+        # http://www.postfix.org/COMPATIBILITY_README.html
+        compatibility_level = 2
+      dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf'
+      mode: a=r
+    register: config
+  - docker_container:
+      name: postfix
+      # 1.0.1-postfix3.4.5r0-amd64
+      image: fphammerle/postfix@sha256:b2d214d66f1760bdcbfa3156efa7cb08cef5d80e5f6607e181f79fdde409b82d
+      hostname: forward.example.com
+      volumes:
+      - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf:/etc/postfix/main.cf:ro'
+      - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/virtual:/etc/postfix/virtual:ro'
+      - '{{ queue_volume.ansible_facts.docker_volume.Mountpoint }}:/var/spool/postfix:rw'
+      env:
+        POSTMAP_PATHS: |
+          /etc/postfix/virtual
+      networks: [name: mail]
+      purge_networks: yes
+      published_ports: ['25:25']
+      restart_policy: unless-stopped
+      restart: '{{ config.changed or virtual_alias_map.changed }}'
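Review bot: The generated main.cf never sets `smtpd_tls_security_level`, so with Postfix's default (empty) the container published on `25:25` does not offer STARTTLS to inbound senders and all received mail arrives in cleartext; the `smtpd_tls_received_header = yes` line then has nothing to record, and only the outbound `smtp_tls_security_level = encrypt` side is protected. Adding `smtpd_tls_security_level = may` together with `smtpd_tls_cert_file` and `smtpd_tls_key_file` would enable opportunistic inbound TLS, which also requires mounting the certificate and key into the container as an additional read-only volume alongside main.cf and the virtual map (paths to be chosen when the cert source is decided). Two smaller points in the same hunk: `purge_networks: yes` should be written `purge_networks: true` to avoid the YAML 1.1/1.2 truthy ambiguity, and `disable_vrfy_command = yes` in main.cf is a cheap hardening line for an internet-facing relay that would stop VRFY-based address harvesting of the aliases defined here.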