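---
# Postfix + SASL (saslauthd) configuration tasks.
#
# Handlers referenced below (Restart postfix, Postmap whitelist,
# Refresh aliases, Postmap blacklist) are expected to be defined in the
# role's handlers file; they are not part of this task file.
#
# Ordering matters: main.cf / master.cf are templated last (see the
# banner near the end) so every lookup table they reference exists first.

- name: Create mailname file
  ansible.builtin.copy:
    dest: /etc/mailname
    content: "{{ inventory_hostname }}"
    backup: true
    mode: '0644'
  notify: Restart postfix

# - name: Template file authmysqlrc
#   ansible.builtin.template:
#     src: templates/authmysqlrc.j2
#     dest: /etc/courier/authmysqlrc
#     owner: root
#     group: postfix
#     mode: '0550'
#     backup: true
#   notify: Restart postfix

# The MySQL lookup tables and the SASL / PAM files carry database and
# authentication settings, so they are readable by root and the postfix
# group only (0550) and never world-readable.
- name: Template Postfix lookup tables and SASL configuration
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  loop:
    - src: templates/mysql-body_checks.cf.j2
      dest: /etc/postfix/mysql-body_checks.cf
    - src: templates/mysql-virtual_domains.cf.j2
      dest: /etc/postfix/mysql-virtual_domains.cf
    - src: templates/mysql-virtual_email2email.cf.j2
      dest: /etc/postfix/mysql-virtual_email2email.cf
    - src: templates/mysql-virtual_forwardings.cf.j2
      dest: /etc/postfix/mysql-virtual_forwardings.cf
    - src: templates/mysql-virtual_mailbox_limit_maps.cf.j2
      dest: /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    - src: templates/mysql-virtual_mailboxes.cf.j2
      dest: /etc/postfix/mysql-virtual_mailboxes.cf
    - src: templates/mysql-virtual_transports.cf.j2
      dest: /etc/postfix/mysql-virtual_transports.cf
    - src: templates/smtp.j2
      dest: /etc/pam.d/smtp
    - src: templates/smtpd.conf.j2
      dest: /etc/postfix/sasl/smtpd.conf
  loop_control:
    label: "{{ item.dest }}"
  notify: Restart postfix

# `creates` keeps this idempotent: regeneration requires removing the file.
# The file mode is enforced by the following task on every run instead of
# a one-shot chmod chained into the shell command.
- name: Generate DH parameters
  ansible.builtin.command:
    cmd: /usr/bin/openssl dhparam -out /etc/ssl/private/dhparams.pem 2048
    creates: /etc/ssl/private/dhparams.pem
  notify: Restart postfix

- name: Ensure DH parameters file is readable by root only
  ansible.builtin.file:
    path: /etc/ssl/private/dhparams.pem
    mode: '0600'

# Socket directory for saslauthd inside the Postfix chroot; the sasl group
# needs write access (0770) because saslauthd creates its socket here.
- name: Ensure SASL Authdaemond folder exists
  ansible.builtin.file:
    path: /var/spool/postfix/var/run/saslauthd
    state: directory
    owner: root
    group: sasl
    mode: '0770'

- name: Ensure Postfix chroot spool folders exist
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0755'
  loop:
    - /var/spool/postfix/var
    - /var/spool/postfix/var/run/courier

# saslauthd is told to place its socket inside the Postfix chroot (-m) and
# to authenticate against the local IMAP server (rimap).
# NOTE(review): rimap forwards the submitted password to 127.0.0.1 in clear
# text; this relies on the IMAP server listening on loopback — confirm.
- name: Configure SASL authentication daemon defaults
  ansible.builtin.lineinfile:
    path: /etc/default/saslauthd
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    backup: true
    create: true
  loop:
    - regexp: '^START='
      line: 'START=yes'
    - regexp: '^OPTIONS='
      line: 'OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"'
    - regexp: '^MECHANISMS='
      line: 'MECHANISMS="rimap"'
    - regexp: '^MECH_OPTIONS='
      line: 'MECH_OPTIONS="127.0.0.1"'
  loop_control:
    label: "{{ item.line }}"
  register: saslauthd_defaults

- name: Ensure SASL authentication daemon is enabled and started
  ansible.builtin.service:
    name: saslauthd
    state: started
    enabled: true

# Edits to /etc/default/saslauthd only take effect after a restart, which
# the "started" state above never performs on an already running daemon.
- name: Restart SASL authentication daemon when its defaults changed
  ansible.builtin.service:
    name: saslauthd
    state: restarted
  when: saslauthd_defaults is changed

# - name: Ensure CRON job to update clients exists
#   ansible.builtin.cron:
#     name: "Update SMTPD trusted clients"
#     job: '/etc/postfix/scripts/update_clients.sh'
#     user: root
#     minute: '20'
#     hour: '*/2'

# state: absent — this job is being retired, not installed.
- name: Ensure cron to check if authdaemond is stuck is absent
  ansible.builtin.cron:
    name: check authdaemond stuck
    job: /etc/postfix/scripts/authdaemond_check_stuck.sh
    minute: '*/15'
    state: absent

# Each host name in mail_own_networks_hosts is resolved (the trailing dot
# forces an absolute name) and appended to mail_own_networks.
# NOTE(review): a failed lookup returns a non-address string from dig
# rather than an empty value, which `select` below does not drop — confirm
# the consuming template tolerates that or validate the results here.
- name: Resolve host names
  ansible.builtin.set_fact:
    mail_own_networks: "{{ mail_own_networks | default([]) + [ lookup('community.general.dig', item + '.', '@' + dns_resolver) ] }}"
  loop: "{{ mail_own_networks_hosts }}"

- name: Remove duplicates
  ansible.builtin.set_fact:
    mail_own_networks: "{{ mail_own_networks | unique | select | list }}"

# Preserving timestamps keeps `touch` idempotent: the task only reports a
# change (and fires its handler) when the file is created or its
# ownership / mode is corrected.
- name: Ensure allow clients file exists
  ansible.builtin.file:
    state: touch
    path: /etc/postfix/allowed_clients
    owner: root
    group: postfix
    mode: '0644'
    modification_time: preserve
    access_time: preserve

- name: Ensure white list senders file exists
  ansible.builtin.file:
    state: touch
    path: /etc/postfix/maps/whitelist_senders.map
    owner: root
    group: postfix
    mode: '0644'
    modification_time: preserve
    access_time: preserve
  notify: Postmap whitelist

# regex_escape keeps a user name containing regex metacharacters from
# matching (and rewriting) unrelated alias lines.
- name: Create local aliases
  ansible.builtin.lineinfile:
    path: /etc/aliases
    line: "{{ item.user }}: {{ item.alias }}"
    regexp: "^{{ item.user | regex_escape }}: "
  loop: "{{ local_aliases }}"
  notify: Refresh aliases

- name: Ensure postfix belongs to sasl group
  ansible.builtin.user:
    name: postfix
    append: true
    groups:
      - sasl

###################
#                 #
# This at the end #
#                 #
###################

- name: Configure postfix main.cf
  ansible.builtin.template:
    src: templates/main.cf.j2
    dest: /etc/postfix/main.cf
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: Restart postfix

- name: Configure postfix master.cf
  ansible.builtin.template:
    src: templates/master.cf.j2
    dest: /etc/postfix/master.cf
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: Restart postfix

- name: Ensure postfix service is started and enabled
  ansible.builtin.service:
    name: postfix
    enabled: true
    state: started

# Blacklist entries are typically domains or addresses containing dots;
# regex_escape stops "." from matching any character in other entries.
- name: Ensure blacklist is present
  ansible.builtin.lineinfile:
    path: /etc/postfix/blacklist
    line: "{{ item }} REJECT Blacklisted"
    regexp: "^{{ item | regex_escape }} "
    backup: true
    create: true
  loop: "{{ postfix_blacklist }}"
  notify: Postmap blacklist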