Ansible role to set up postfix in Debian-like systems
Latest commit 31c3822, Feb 7, 2017, by tersmitten: Merge pull request #29 from Oefenweb/add-support-for-smtp-tls-cafile (Add support for smtp_tls_CAfile)

postfix

Set up a postfix server in Debian-like systems.

Requirements

None

Variables

  • postfix_install [default: [postfix, mailutils, libsasl2-2, sasl2-bin, libsasl2-modules]]: Packages to install
  • postfix_hostname [default: {{ ansible_fqdn }}]: Host name, used for myhostname and in mydestination
  • postfix_mailname [default: {{ ansible_fqdn }}]: Mail name (in /etc/mailname), used for myorigin
  • postfix_aliases [default: []]: Aliases to ensure present in /etc/aliases
  • postfix_mynetworks [default: ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']]: The list of "trusted" remote SMTP clients that have more privileges than "strangers"
  • postfix_inet_interfaces [default: all]: Network interfaces to bind (see the Postfix inet_interfaces parameter)
  • postfix_inet_protocols [default: all]: The Internet protocols Postfix will attempt to use when making or accepting connections (see the Postfix inet_protocols parameter)
  • postfix_sasl_auth_enable [default: true]: Enable SASL authentication in the SMTP client
  • postfix_relayhost [default: false (no relay host)]: Hostname to relay all email to
  • postfix_relayhost_port [default: 587]: Relay port (on postfix_relayhost, if set)
  • postfix_sasl_security_options [default: noanonymous]: SMTP client SASL security options
  • postfix_relaytls [default: false]: Use TLS when sending with a relay host
  • postfix_smtp_tls_cafile [optional]: A file containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates (e.g. /etc/ssl/certs/ca-certificates.crt)
  • postfix_sasl_user [default: postmaster@{{ ansible_domain }}]: SASL relay username
  • postfix_sasl_password [default: k8+haga4@#pR]: SASL relay password. Make sure to change!

Dependencies

  • debconf
  • debconf-utils

Example

A simple example that doesn't use SASL relaying:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: you@yourdomain.org

Provide the relay host name if you want to enable relaying:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: you@yourdomain.org
    postfix_relayhost: mail.yourdomain.org

For AWS SES support:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: sesverified@yourdomain.org
    postfix_relayhost: email-smtp.us-east-1.amazonaws.com
    postfix_relaytls: true
    # AWS IAM SES credentials (not access key):
    postfix_sasl_user: AKIXXXXXXXXXXXXXXXXX
    postfix_sasl_password: ASDFXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

For MailHog support:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: you@yourdomain.org
    postfix_relayhost: "{{ ansible_lo['ipv4']['address'] }}"
    postfix_relayhost_port: 1025
    postfix_sasl_auth_enable: false

For Gmail support:

---
- hosts: all
  roles:
    - postfix
  vars:
    postfix_aliases:
      - user: root
        alias: you@yourdomain.org
    postfix_relayhost: smtp.gmail.com
    postfix_relaytls: true
    postfix_smtp_tls_cafile: /etc/ssl/certs/ca-certificates.crt
    postfix_sasl_user: 'foo'
    postfix_sasl_password: 'bar'
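
An added example, not from the role's repository: a playbook that takes the SASL password from an Ansible Vault variable and fails before the role runs if the password is still the default listed under Variables, or if SASL relaying is configured without postfix_relaytls. The names vault_postfix_sasl_password and postfix_published_default_password and the relay account are assumptions; requiring postfix_smtp_tls_cafile is a stricter choice made by this example, since the role treats it as optional.

```yaml
---
# Added example, not part of the role. vault_postfix_sasl_password is a
# hypothetical variable, expected in an ansible-vault encrypted vars file.
- hosts: all
  vars:
    postfix_relayhost: mail.yourdomain.org
    postfix_relaytls: true
    postfix_smtp_tls_cafile: /etc/ssl/certs/ca-certificates.crt
    postfix_sasl_user: relay@yourdomain.org  # constructed sample account
    postfix_sasl_password: "{{ vault_postfix_sasl_password }}"
    # The role's documented default, kept here only so it can be detected.
    postfix_published_default_password: 'k8+haga4@#pR'
  pre_tasks:
    - name: Check relay credentials and transport settings before the role runs
      # Only relevant when a relay host is set and SASL authentication is on.
      when:
        - postfix_relayhost | default(false) != false
        - postfix_sasl_auth_enable | default(true) | bool
      block:
        - name: Refuse the published default SASL password
          ansible.builtin.assert:
            that:
              - postfix_sasl_password is defined
              - postfix_sasl_password | length > 0
              - postfix_sasl_password != postfix_published_default_password
            fail_msg: postfix_sasl_password is unset or still the README default

        - name: Require relay TLS and a CA file when SASL credentials are used
          ansible.builtin.assert:
            that:
              - postfix_relaytls | default(false) | bool
              - postfix_smtp_tls_cafile | default('') | length > 0
            fail_msg: >-
              SASL relaying is enabled without postfix_relaytls and
              postfix_smtp_tls_cafile
  roles:
    - postfix
```

Keep vault_postfix_sasl_password in a file encrypted with ansible-vault and run the playbook with --ask-vault-pass or a vault password file.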

License

MIT

Author Information

Mischa ter Smitten

Feedback, bug-reports, requests, ...

Are welcome!