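---
# Variables for a Postfix-based mail host: database access, hosted domains,
# mailboxes, transports, forwardings and the main.cf parameters collected in
# `postfix_config`. The templates that consume these values are not shown
# here, so notes about rendering are marked as assumptions.

mail_server_fqdn: mail.example.org

# Database account used by the mail stack. The password is referenced from a
# vault variable rather than stored in this file.
mail_db_user: mail_admin
mail_db_password: "{{ vault_mail_admin_password }}"
mail_db_name: 'mail'
admin_password: "{{ mail_admin_password }}"
mail_admin_username: 'mail_admin'

# Table and column names of the user table queried by the mail stack.
mail_db_users_table_name: 'users'
mail_db_users_password_field: 'password'
mail_db_users_username_field: 'email'
mail_db_users_alias_field: 'alias'
mail_db_users_quota_field: 'quota'

dns_resolver: 1.1.1.1
postfix_blacklist: []

mail_domains:
  - example.org
  - example.net

# Addresses and hosts listed here are added to `mynetworks` below, and
# `permit_mynetworks` lets them relay without authenticating. Keep both
# lists as narrow as possible.
mail_own_networks:
  - 1.2.3.4
mail_own_networks_hosts:
  - host1.example.org
  - host1.example.com

update_spam_db_user: "{{ vault_update_spam_db_user }}"

mail_users:
  - fullname: User number 1
    email: user1@example.org
    # The variable name indicates an MD5 hash.
    # NOTE(review): MD5 is not suitable for password storage; confirm
    # whether the consumer of this field accepts a salted, slow scheme.
    password: "{{ vault_user1_md5_password_hash }}"
    quota: 104857600000

mail_transports:
  - domain: example.com
    transport: smtp

mail_forwardings:
  - source: user_1@example.org
    destination: user1@example.org
    # Key spelling kept as-is: whatever reads this entry presumably looks
    # it up by this exact name (TODO confirm before renaming to `purpose`).
    porpouse: Alias for user1. Mail sent to user_1 it's redirected to user1

# Extra master.cf service. The second line is a continuation of the first,
# so it must keep its leading whitespace.
postfix_master_extra: |
  dbmail-lmtp unix - - n - - lmtp
    -o disable_dns_lookups=yes

# main.cf parameters, presumably rendered as `name = value` (template not
# shown). Postfix booleans are quoted so the literal text 'yes'/'no' is
# passed on; unquoted, YAML 1.1 loaders turn them into true/false.
postfix_config:
  alias_database: hash:/etc/aliases
  alias_maps: hash:/etc/aliases
  append_dot_mydomain: 'no'
  biff: 'no'
  body_checks: regexp:/etc/postfix/maps/body_checks
  # Compatibility switch for obsolete clients that use a non-standard AUTH
  # syntax. NOTE(review): drop it if no such clients remain.
  broken_sasl_auth_clients: 'yes'
  compatibility_level: 3.6
  header_checks: regexp:/etc/postfix/whitelist_senders.map regexp:/etc/postfix/maps/spam_filter_header_check
  html_directory: /usr/share/doc/postfix/html
  inet_interfaces: all
  inet_protocols: all
  mailbox_size_limit: 0
  # Postfix separates list entries with commas and/or whitespace; any other
  # separator character would become part of the domain name.
  mydestination: "{{ mail_server_fqdn }}, localhost, localhost.localdomain"
  myhostname: "{{ mail_server_fqdn }}"
  # Everything listed here is trusted to relay (see `permit_mynetworks`).
  mynetworks: "127.0.0.0/8 hash:/etc/postfix/allowed_clients{% if mail_own_networks %}{% for ip in mail_own_networks %} {{ ip }}{% endfor %}{% endif %}"
  myorigin: /etc/mailname
  policy-spf_time_limit: 3600s
  proxy_read_maps: $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
  readme_directory: /usr/share/doc/postfix
  recipient_delimiter: +
  relay_recipient_maps: ''
  smtpd_banner: $myhostname ESMTP $mail_name
  # Block clients that speak too early.
  smtpd_data_restrictions: reject_unauth_pipelining
  # Don't talk to mail systems that don't know their own hostname.
  smtpd_helo_restrictions: permit_mynetworks reject_unknown_helo_hostname
  # Order matters: a restriction list stops at the first permit or reject.
  # The blacklist and SPF checks therefore come after
  # reject_unauth_destination and are not preceded by
  # permit_auth_destination, which would accept all mail for local domains
  # before either check is consulted.
  smtpd_recipient_restrictions: >-
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access cidr:/etc/postfix/blacklist,
    check_policy_service unix:private/policy-spf
  smtpd_relay_restrictions: permit_mynetworks permit_sasl_authenticated defer_unauth_destination
  # SASL AUTH is enabled while TLS below is only opportunistic and
  # `smtpd_tls_auth_only` is not set in this mapping.
  # NOTE(review): without it, AUTH can be offered on unencrypted sessions.
  smtpd_sasl_auth_enable: 'yes'
  smtpd_sasl_authenticated_header: 'yes'
  smtpd_tls_cert_file: "/etc/letsencrypt/live/{{ mail_server_fqdn }}/fullchain.pem"
  # The parameter name is historical; the file should hold DH parameters of
  # at least 2048 bits.
  smtpd_tls_dh1024_param_file: /etc/ssl/private/dhparams.pem
  # NOTE(review): `EDH-RSA-DES-CDC3-SHA` and `KRB5-DE5` look misspelled and
  # may not match the ciphers they are meant to exclude; verify the
  # effective cipher list on the deployed server.
  smtpd_tls_exclude_ciphers: aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
  smtpd_tls_key_file: "/etc/letsencrypt/live/{{ mail_server_fqdn }}/privkey.pem"
  smtpd_tls_session_cache_database: btree:/var/lib/postfix/smtpd_scache
  # Opportunistic TLS: clients may still connect in plaintext.
  # `smtpd_tls_security_level` is the current replacement for this setting.
  smtpd_use_tls: 'yes'
  # If this is a backupmx or satellite then smtp_sasl_auth_enable: 'yes'
  smtp_sasl_auth_enable: 'no'
  smtp_sasl_security_options: noanonymous
  smtp_sasl_type: cyrus
  smtp_tls_session_cache_database: btree:/var/lib/postfix/smtp_scache
  # Opportunistic TLS for outbound delivery.
  smtp_use_tls: 'yes'
  transport_maps: proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
  virtual_alias_domains: ''
  virtual_alias_maps: proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
  virtual_gid_maps: static:5000
  virtual_mailbox_base: /home/vmail
  virtual_mailbox_domains: proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
  virtual_mailbox_limit_maps: proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
  virtual_mailbox_maps: proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
  virtual_uid_maps: static:5000

disclaimers_folder: /etc/mail/disclaimers
mailprocessor_database_username: mail_processor
# Empty default. NOTE(review): override this from the vault, as is done for
# `mail_db_password`, so the account is never provisioned without a password.
mailprocessor_database_password: ""
mailprocessor_database_name: mail
mailprocessor_database_server: 127.0.0.1
mailprocessor_database_server_port: 3306
mailprocessor_database_socket_file: /var/run/mysqld/mysqld.sock  # If this is set, port is not needed
mailprocessor_log_file: /var/log/mail_processor.log
default_text_disclaimer_file: /etc/postfix/default_text_disclaimer
default_html_disclaimer_file: /etc/postfix/default_html_disclaimer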