Configure mail

2022-08-27 22:07:17 +02:00 · 2022-08-27 22:07:17 +02:00 · 33bb6df38d
commit 33bb6df38d
parent 1fa53010f4
7 changed files with 106 additions and 7 deletions
--- a/machine.yml
+++ b/machine.yml
@ -10,6 +10,70 @@
    # E-mail configuration.
    # ----------------------------------------------------------------------------------------------

+    - name: Configure mailname
+      template:
+        src: ./root/etc/mailname.j2
+        dest: /etc/mailname
+        mode: 0644
+      register: mail_mailname
+
+    - name: Configure aliases
+      template:
+        src: ./root/etc/aliases.j2
+        dest: /etc/aliases
+        mode: 0644
+      register: mail_aliases
+
+    - name: Update aliases
+      command: newaliases
+      when: mail_aliases is changed
+
+    - name: Configure mailutils
+      template:
+        src: ./root/etc/mailutils.conf.j2
+        dest: /etc/mailutils.conf
+        mode: 0644
+
    - name: Install postfix
      apt:
+        name:
+          - postfix
+          - ca-certificates
+          - libsasl2-modules
+      register: mail_postfix_install
+
+    - name: Configure postfix
+      template:
+        src: ./root/etc/postfix/main.cf.j2
+        dest: /etc/postfix/main.cf
+        mode: 0644
+      register: mail_postfix_cfg
+
+    - name: Configure credentials
+      template:
+        src: ./root/etc/postfix/sasl_passwd.j2
+        dest: /etc/postfix/sasl_passwd
+        mode: 0600
+      register: mail_postfix_credentials
+
+    - name: Create hash database
+      command: postmap /etc/postfix/sasl_passwd
+      when:
+        mail_postfix_credentials is changed
+
+    - name: Set hash database permissions
+      file:
+        path: /etc/postfix/sasl_passwd.db
+        mode: 0600
+
+    - name: Enable/restart postfix
+      service:
        name: postfix
+        state: restarted
+        enabled: yes
+      when:
+        mail_mailname is changed or
+        mail_aliases is changed or
+        mail_postfix_install is changed or
+        mail_postfix_cfg is changed or
+        mail_postfix_credentials is changed
--- a/root/etc/aliases.j2
+++ b/root/etc/aliases.j2
@ -0,0 +1,14 @@
+# /etc/aliases
+mailer-daemon: postmaster
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+root: root.yggdrasil@{{ domain }}
--- a/root/etc/mailname.j2
+++ b/root/etc/mailname.j2
@ -0,0 +1 @@
+{{ domain }}
--- a/root/etc/mailutils.conf.j2
+++ b/root/etc/mailutils.conf.j2
@ -0,0 +1,3 @@
+address {
+  email-domain {{ domain }};
+};
--- a/root/etc/postfix/main.cf.j2
+++ b/root/etc/postfix/main.cf.j2
@ -4,9 +4,9 @@
 # Debian specific:  Specifying a file name will cause the first
 # line of that file to be used as the name.  The Debian default
 # is /etc/mailname.
-#myorigin = /etc/mailname
+myorigin = /etc/mailname

-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+smtpd_banner = $myhostname ESMTP
 biff = no

 # appending .domain is the MUA's job.
@ -29,18 +29,24 @@ smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 smtpd_tls_security_level=may

 smtp_tls_CApath=/etc/ssl/certs
-smtp_tls_security_level=may
+smtp_tls_security_level=encrypt
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_wrappermode = yes


 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = yggdrasil
+myhostname = {{ hostname }}.{{ domain }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-mydestination = $myhostname, yggdrasil, localhost.localdomain, , localhost
-relayhost = 
+mydestination = $myhostname, {{ hostname }}, localhost
+relayhost = [{{ postfix_smtp_server }}]:{{ postfix_smtp_port }}
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
 recipient_delimiter = +
-inet_interfaces = all
+inet_interfaces = loopback-only
 inet_protocols = all
+
+# SASL parameters
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options = noanonymous
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
--- a/root/etc/postfix/sasl_passwd.j2
+++ b/root/etc/postfix/sasl_passwd.j2
@ -0,0 +1 @@
+[{{ postfix_smtp_server }}]:{{ postfix_smtp_port }} {{ postfix_smtp_user }}:{{ postfix_smtp_pass }}
--- a/secrets.def.yml
+++ b/secrets.def.yml
@ -1,3 +1,13 @@
 # Ansible variables
 ansible_port:
 ansible_become_password:
+
+# Machine variables
+hostname:
+domain:
+
+# Postfix variables
+postfix_smtp_server:
+postfix_smtp_port:
+postfix_smtp_user:
+postfix_smtp_pass:
				`@ -0,0 +1 @@`
				`[{{ postfix_smtp_server }}]:{{ postfix_smtp_port }} {{ postfix_smtp_user }}:{{ postfix_smtp_pass }}`