Postfix config updates

55c74d63 · Chris Croome · e4b0d8db · 55c74d63
Commit 55c74d63 authored 7 years ago by Chris Croome
--- a/roles/email/tasks/main.yml
+++ b/roles/email/tasks/main.yml
@@ -64,6 +64,15 @@
    - pwgen
    - whois

+- name: Postfix smtpd_relay_restrictions set
+  command: postconf -e "smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination"
+
+- name: Postfix set not to use /etc/aliases
+  command: postconf -e "alias_maps = "
+
+- name: Postfix mydestination set to localhost 
+  command: postconf -e "mydestination = localhost"
+
 - name: Get the app container IP address
  command: "docker inspect --format '{''{ .NetworkSettings.IPAddress }''}' app"
  register: app_ip_address
@@ -74,24 +83,11 @@
 - name: Postfix my networks set to include {{ app_ip_address.stdout }}
  command: postconf -e "mynetworks = 127.0.0.0/8, {{ app_ip_address.stdout }}" 

- name: Postfix mydestination set to contain {{ hostname }}
-  # command: postconf -e "mydestination = {{ hostname }}, localhost.localnetwork, localhost"
-  command: postconf -e "mydestination = localhost"
-
 - name: Postfix relay domains set to {{ hostname }}
  command: postconf -e "relay_domains = {{ hostname }}"

- name: Postfix set not to use /etc/aliases
-  command: postconf -e "alias_maps = "
-
- name: Postfix set for ipv4 only
-  command: postconf -e "inet_protocols = ipv4"
-
- name: Postfix stopped for inet_protocols change
-  command: postfix stop
-
- name: Postfix started after inet_protocols change
-  command: postfix start
+- name: Postfix smtpd_recipient_restrictions set
+  command: postconf -e "smtpd_recipient_restrictions = permit_mynetworks, check_policy_service unix:private/policy"

 - name: Postfix opportunistic TLS enabled
  command: postconf -e "smtp_tls_security_level = may"
@@ -105,6 +101,9 @@
 - name: Postfix Time Zone and Lang set 
  command: postconf -e "export_environment='TZ LANG'"

+- name: Postfix set for ipv4 only
+  command: postconf -e "inet_protocols = ipv4"
+
 - name: Postfix set to use /usr/local/bin/receive-mail
  command: postconf -M -e "discourse/unix=discourse unix - n n - - pipe user=nobody:nogroup argv=/usr/local/bin/receive-mail ${recipient}"

@@ -120,7 +119,6 @@
 - name: Postmap run with Transport Maps file
  command: postmap /etc/postfix/transport

-
 - name: Postfix set to reject incorrect email addresses 
  command: postconf -M -e "policy/unix=policy unix - n n - - spawn user=nobody argv=/usr/local/bin/discourse-smtp-fast-rejection"

@@ -139,8 +137,11 @@

  when: le_cert.stat.exists == True

- name: Postfix reloaded
-  command: postfix reload
+- name: Postfix stopped 
+  command: postfix stop
+
+- name: Postfix started
+  command: postfix start

 - name: Root .forward in place
  template: