Home Explore Help
Register Sign In
fphammerle
/
docker-postfix
mirror of https://github.com/fphammerle/docker-postfix
1
0
Fork 0
Files Issues 0 Wiki
Tree: 10a7cf6948
Branches Tags
docker-postfix
/
ansible-playbooks
/
null-client.yml

null-client.yml 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. - hosts: [localhost]
    2. 

  2.   become: true
    3. 

  3.   tasks:
    4. 

  4.   - docker_network:
    5. 

  5.       name: mail
    6. 

  6.   - docker_volume:
    7. 

  7.       volume_name: postfix_config
    8. 

  8.     register: config_volume
    9. 

  9.   - name: copy trusted CA certs
    10. 

  10.     copy:
    11. 

  11.       src: ../smtp-tls-trusted-ca.pem
    12. 

  12.       dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/smtp-tls-trusted-ca.pem'
    13. 

  13.     register: smtp_trusted_ca_certs
    14. 

  14.   - name: create config
    15. 

  15.     copy:
    16. 

  16.       content: |
    17. 

  17.         # $myhostname prefix is a RFC requirement
    18. 

  18.         smtpd_banner = $myhostname ESMTP $mail_name quid agis?
    19. 

  19. 

  20.         # RCPT TO matches $relay_domains => !reject_unauth_destination
    21. 

  21.         # http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
    22. 

  22.         smtpd_relay_restrictions = reject_non_fqdn_recipient, reject_unauth_destination
    23. 

  23.         mydestination =
    24. 

  24.         relay_domains = example.com
    25. 

  25. 

  26.         # include TLS protocol & cipher in 'Received' header
    27. 

  27.         smtpd_tls_received_header = yes
    28. 

  28.         # + sasl username
    29. 

  29.         smtpd_sasl_authenticated_header = yes
    30. 

  30. 

  31.         relayhost = relay.example.com:submission
    32. 

  32.         smtp_tls_security_level = secure
    33. 

  33.         smtp_tls_secure_cert_match = nexthop
    34. 

  34.         smtp_tls_CAfile = /etc/postfix/smtp-tls-trusted-ca.pem
    35. 

  35.         # docs recommend against whitelist
    36. 

  36.         smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
    37. 

  37.         smtp_tls_session_cache_database = btree:${data_directory}/smtp-tls-session-cache
    38. 

  38. 

  39.         # http://www.postfix.org/MAILLOG_README.html
    40. 

  40.         maillog_file = /dev/stdout
    41. 

  41. 

  42.         # http://www.postfix.org/COMPATIBILITY_README.html
    43. 

  43.         compatibility_level = 2
    44. 

  44.       dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf'
    45. 

  45.       mode: a=r
    46. 

  46.     register: config
    47. 

  47.   - docker_container:
    48. 

  48.       name: postfix
    49. 

  49.       # 1.0.0-postfix3.4.5r0-amd64
    50. 

  50.       image: fphammerle/postfix@sha256:33c2dfc8d292b8399f7c61b206922b81c870ce5ae2c7e233fd1a38d420417154
    51. 

  51.       hostname: postfix-test
    52. 

  52.       volumes:
    53. 

  53.       - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf:/etc/postfix/main.cf:ro'
    54. 

  54.       - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/smtp-tls-trusted-ca.pem:/etc/postfix/smtp-tls-trusted-ca.pem:ro'
    55. 

  55.       networks: [name: mail]
    56. 

  56.       purge_networks: yes
    57. 

  57.       published_ports: ['localhost:25:25']
    58. 

  58.       restart_policy: unless-stopped
    59. 

  59.       restart: '{{ config.changed or smtp_trusted_ca_certs.changed }}'
    60.