123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 |
- - hosts: [forward.example.com]
- become: true
- vars:
- virtual_alias_domains:
- - example.co
- - example.com
- - example.info
- tasks:
- - docker_network:
- name: mail
- - docker_volume:
- volume_name: postfix_config
- register: config_volume
- - docker_volume:
- volume_name: postfix_queue
- register: queue_volume
- - stat:
- path: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}'
- register: config_volume_stat
- - name: create virtual alias map
- copy:
- # http://www.postfix.org/virtual.5.html
- content: |
- /^alice/ alice@gmail.com
- /^bob/ bob@gmail.com
- /^postmaster\@/ alice@gmail.com
- dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/virtual'
- mode: u=r,g=,o=
- # workaround if userns remapping enabled
- # postmap: fatal: open /etc/postfix/virtual.db: Permission denied
- owner: '{{ config_volume_stat.stat.uid }}'
- register: virtual_alias_map
- - name: create config
- copy:
- content: |
- # $myhostname prefix is a RFC requirement
- smtpd_banner = $myhostname ESMTP $mail_name quid agis?
- # http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
- smtpd_relay_restrictions = reject_non_fqdn_recipient, reject_unauth_destination
- mydestination =
- # http://www.postfix.org/VIRTUAL_README.html#virtual_alias
- virtual_alias_domains = {{ virtual_alias_domains | join(', ') }}
- virtual_alias_maps = regexp:/etc/postfix/virtual
- # include TLS protocol & cipher in 'Received' header
- smtpd_tls_received_header = yes
- # bytes
- message_size_limit = {{ 32 * 1024 * 1024 }}
- delay_warning_time = 1h
- smtp_tls_security_level = encrypt
- # docs recommend against whitelist
- smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
- smtp_tls_session_cache_database = btree:${data_directory}/smtp-tls-session-cache
- # http://www.postfix.org/MAILLOG_README.html
- maillog_file = /dev/stdout
- # http://www.postfix.org/COMPATIBILITY_README.html
- compatibility_level = 2
- dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf'
- # postfix: warning: not owned by root
- owner: '{{ config_volume_stat.stat.uid }}'
- mode: u=r,g=,o=
- register: config
- - docker_container:
- name: postfix
- # 1.0.1-postfix3.4.5r0-amd64
- image: fphammerle/postfix@sha256:b2d214d66f1760bdcbfa3156efa7cb08cef5d80e5f6607e181f79fdde409b82d
- hostname: forward.example.com
- volumes:
- - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf:/etc/postfix/main.cf:ro'
- - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/virtual:/etc/postfix/virtual:ro'
- - '{{ queue_volume.ansible_facts.docker_volume.Mountpoint }}:/var/spool/postfix:rw'
- networks: [name: mail]
- purge_networks: yes
- published_ports: ['25:25']
- restart_policy: unless-stopped
- restart: '{{ config.changed or virtual_alias_map.changed }}'