---
mail_server_fqdn: mail.example.org
mail_db_user: mail_admin
mail_db_password: "{{ vault_mail_admin_password }}"
mail_db_name: 'mail'
admin_password: "{{ mail_admin_password }}"
mail_admin_username: 'mail_admin'
mail_db_users_table_name: 'users'
mail_db_users_password_field: 'password'
mail_db_users_username_field: 'email'
mail_db_users_alias_field: 'alias'
mail_db_users_quota_field: 'quota'
dns_resolver: 1.1.1.1
postfix_blacklist: []
mail_domains:
  - example.org
  - example.net
mail_own_networks:
  - 1.2.3.4
mail_own_networks_hosts:
  - host1.example.org
  - host1.example.com
update_spam_db_user: "{{ vault_update_spam_db_user }}"
mail_users:
  - fullname: User number 1
    email: user1@example.org
    password: "{{ vault_user1_md5_password_hash }}"
    quota: 104857600000
mail_transports:
  - domain: example.com
    transport: smtp
mail_forwardings:
  - source: user_1@example.org
    destination: user1@example.org
    porpouse: Alias for user1. Mail sent to user_1 it's redirected to user1
postfix_master_extra: |
    dbmail-lmtp     unix    -       -       n       -       -       lmtp
        -o disable_dns_lookups=yes
postfix_config:
  alias_database: hash:/etc/aliases
  alias_maps: hash:/etc/aliases
  append_dot_mydomain: no
  biff: no
  body_checks: regexp:/etc/postfix/maps/body_checks
  broken_sasl_auth_clients: yes
  compatibility_level: 3.6
  header_checks: regexp:/etc/postfix/whitelist_senders.map regexp:/etc/postfix/maps/spam_filter_header_check
  html_directory: /usr/share/doc/postfix/html
  inet_interfaces: all
  inet_protocols: all
  mailbox_size_limit: 0
  mydestination: "{{ mail_server_fqdn }}; localhost; localhost.localdomain"
  myhostname: "{{ mail_server_fqdn }}"
  mynetworks: "127.0.0.0/8 hash:/etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}"
  myorigin: /etc/mailname
  policy-spf_time_limit: 3600s
  proxy_read_maps: $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
  readme_directory: /usr/share/doc/postfix
  recipient_delimiter: +
  relay_recipient_maps: ''
  smtpd_banner: $myhostname ESMTP $mail_name
  # Block clients that speak too early.
  smtpd_data_restrictions: reject_unauth_pipelining
  # Don't talk to mail systems that don't know their own hostname.
  smtpd_helo_restrictions: permit_mynetworks reject_unknown_helo_hostname
  smtpd_recipient_restrictions: permit_mynetworks, permit_sasl_authenticated, permit_auth_destination, reject_unauth_destination, check_policy_service unix:private/policy-spf, check_client_access cidr:/etc/postfix/blacklist
  smtpd_relay_restrictions: permit_mynetworks permit_sasl_authenticated defer_unauth_destination
  smtpd_sasl_auth_enable: 'yes'
  smtpd_sasl_authenticated_header: 'yes'
  smtpd_tls_cert_file: "/etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem"
  smtpd_tls_dh1024_param_file: /etc/ssl/private/dhparams.pem
  smtpd_tls_exclude_ciphers: aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
  smtpd_tls_key_file: "/etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem"
  smtpd_tls_session_cache_database: btree:/var/lib/postfix/smtpd_scache
  smtpd_use_tls: yes
  # If this is a backupmx or satellite then smtp_sasl_auth_enable: 'yes'
  smtp_sasl_auth_enable: 'no'
  smtp_sasl_security_options: noanonymous
  smtp_sasl_type: cyrus
  smtp_tls_session_cache_database: btree:/var/lib/postfix/smtp_scache
  smtp_use_tls: 'yes'
  transport_maps: proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
  virtual_alias_domains: ''
  virtual_alias_maps: proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
  virtual_gid_maps: static:5000
  virtual_mailbox_base: /home/vmail
  virtual_mailbox_domains: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
  virtual_mailbox_limit_maps: proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
  virtual_mailbox_maps: proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
  virtual_uid_maps: static:5000

disclaimers_folder: /etc/mail/disclaimers
mailprocessor_database_username: mail_processor
mailprocessor_database_password: ""
mailprocessor_database_name: mail
mailprocessor_database_server: 127.0.0.1
mailprocessor_database_server_port: 3306
mailprocessor_database_socket_file: /var/run/mysqld/mysqld.sock # If this is set, port is not needed
mailprocessor_log_file: /var/log/mail_processor.log
default_text_disclaimer_file: /etc/postfix/default_text_disclaimer
default_html_disclaimer_file: /etc/postfix/default_html_disclaimer