Home Explore Help
Sign In
fphammerle
/
docker-postfix
mirror of https://github.com/fphammerle/docker-postfix
1
0
Fork 0
Files Issues 0 Wiki
Tree: 6ad9a21083
Branches Tags
docker-postfix
/
ansible-playbooks
/
null-client.yml

null-client.yml 2.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. - hosts: [localhost]
    2. 

  2.   become: true
    3. 

  3.   tasks:
    4. 

  4.   - docker_network:
    5. 

  5.       name: mail
    6. 

  6.   - docker_volume:
    7. 

  7.       volume_name: postfix_config
    8. 

  8.     register: config_volume
    9. 

  9.   - docker_volume:
    10. 

  10.       volume_name: postfix_queue
    11. 

  11.     register: queue_volume
    12. 

  12.   - name: copy trusted CA certs
    13. 

  13.     copy:
    14. 

  14.       src: ../smtp-tls-trusted-ca.pem
    15. 

  15.       dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/smtp-tls-trusted-ca.pem'
    16. 

  16.     register: smtp_trusted_ca_certs
    17. 

  17.   - name: create config
    18. 

  18.     copy:
    19. 

  19.       content: |
    20. 

  20.         # $myhostname prefix is a RFC requirement
    21. 

  21.         smtpd_banner = $myhostname ESMTP $mail_name quid agis?
    22. 

  22. 

  23.         # RCPT TO matches $relay_domains => !reject_unauth_destination
    24. 

  24.         # http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
    25. 

  25.         smtpd_relay_restrictions = reject_non_fqdn_recipient, reject_unauth_destination
    26. 

  26.         mydestination =
    27. 

  27.         relay_domains = example.com
    28. 

  28. 

  29.         # include TLS protocol & cipher in 'Received' header
    30. 

  30.         smtpd_tls_received_header = yes
    31. 

  31.         # + sasl username
    32. 

  32.         smtpd_sasl_authenticated_header = yes
    33. 

  33. 

  34.         relayhost = relay.example.com:submission
    35. 

  35.         smtp_tls_security_level = secure
    36. 

  36.         smtp_tls_secure_cert_match = nexthop
    37. 

  37.         smtp_tls_CAfile = /etc/postfix/smtp-tls-trusted-ca.pem
    38. 

  38.         # docs recommend against whitelist
    39. 

  39.         smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
    40. 

  40.         smtp_tls_session_cache_database = btree:${data_directory}/smtp-tls-session-cache
    41. 

  41. 

  42.         # http://www.postfix.org/MAILLOG_README.html
    43. 

  43.         maillog_file = /dev/stdout
    44. 

  44. 

  45.         # http://www.postfix.org/COMPATIBILITY_README.html
    46. 

  46.         compatibility_level = 2
    47. 

  47.       dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf'
    48. 

  48.       mode: a=r
    49. 

  49.     register: config
    50. 

  50.   - docker_container:
    51. 

  51.       name: postfix
    52. 

  52.       # 1.0.1-postfix3.4.5r0-amd64
    53. 

  53.       image: fphammerle/postfix@sha256:b2d214d66f1760bdcbfa3156efa7cb08cef5d80e5f6607e181f79fdde409b82d
    54. 

  54.       hostname: postfix-test
    55. 

  55.       volumes:
    56. 

  56.       - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf:/etc/postfix/main.cf:ro'
    57. 

  57.       - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/smtp-tls-trusted-ca.pem:/etc/postfix/smtp-tls-trusted-ca.pem:ro'
    58. 

  58.       - '{{ queue_volume.ansible_facts.docker_volume.Mountpoint }}:/var/spool/postfix:rw'
    59. 

  59.       networks: [name: mail]
    60. 

  60.       purge_networks: yes
    61. 

  61.       published_ports: ['localhost:25:25']
    62. 

  62.       restart_policy: unless-stopped
    63. 

  63.       restart: '{{ config.changed or smtp_trusted_ca_certs.changed }}'
    64.