From f425c5d314758a39f5a88c8a48e92fd9ef241874 2023-11-22 08:54:40 From: Branko Majic Date: 2023-11-22 08:54:40 Subject: [PATCH] MAR-183: Added parameter to mail_server role for including additional SMTP server configuration directives. --- diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst index ed9e8fbca4c93cdce7c7cbd71a030c7bd3e21db3..409a822d9e3737b12f2626bb6b7574de828d64bc 100644 --- a/docs/releasenotes.rst +++ b/docs/releasenotes.rst @@ -34,6 +34,12 @@ run applications using Debian-only repositories. * Updated default package pins for virtual environments used to check for available pip package upgrades. +* ``mail_server`` role + + * Added parameter ``mail_server_smtp_additional_configuration`` that + provides ability to include additional configuration directives + for the SMTP server. + * ``xmpp_server`` role * Drop dependency on the external (Prosody) package diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 06891a1d4543ef6efa6e910beda68d4358c031e9..a6c08d32a3ca67fee3e5538c4402c7b59fe1513d 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1183,6 +1183,11 @@ Parameters advertised as part of SMTP server capabilities (in response to the ``ehlo`` SMTP command). +**mail_server_smtp_additional_configuration** (string, optional, ``""``)) + Additional configuration directives to include in SMTP server main + configuration file. Directives must be specifically compatible with + Postfix, and are treated verbatim (multi-line string will suffice). + **mail_server_tls_protocols** (list, optional, ``[ "TLSv1.2" ]``) List of TLS protocols the mail server should support. Each value specified should be compatible with Postfix configuration option diff --git a/roles/mail_server/defaults/main.yml b/roles/mail_server/defaults/main.yml index 7eb533e1130ab5cf3c08d87b63c7ac41fa255a64..4fe2a2f55aa493bc0f8a8044e23c2417df0586cb 100644 --- a/roles/mail_server/defaults/main.yml +++ b/roles/mail_server/defaults/main.yml 
@@ -19,3 +19,4 @@ ECDHE-RSA-AES256-GCM-SHA384:\ ECDHE-RSA-CHACHA20-POLY1305:\ !aNULL:!MD5:!EXPORT" mail_message_size_limit: 10240000 +mail_server_smtp_additional_configuration: "" diff --git a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml index 8cfe8c0089771117a1ff6bb05e09e3baa086cf82..158e2d7022927475caab12730455f422fa4240c7 100644 --- a/roles/mail_server/molecule/default/group_vars/parameters-optional.yml +++ b/roles/mail_server/molecule/default/group_vars/parameters-optional.yml @@ -30,6 +30,9 @@ mail_postmaster: "webmaster@parameters-optional" smtp_allow_relay_from: - "{{ release_based_smtp_allow_relay_from[ansible_distribution_release] }}" mail_message_size_limit: 20480001 +mail_server_smtp_additional_configuration: | + smtpd_banner = $myhostname ESMTP My SMTP Server + smtp_skip_5xx_greeting = no # Variables dependant on distribution release. release_based_smtp_allow_relay_from: diff --git a/roles/mail_server/molecule/default/molecule.yml b/roles/mail_server/molecule/default/molecule.yml index 9d404be9e6cb1cce67daa28e0bb7c28c265d1191..5066317717b44b46c3c10b3ec5eb12dee21a5bb2 100644 --- a/roles/mail_server/molecule/default/molecule.yml +++ b/roles/mail_server/molecule/default/molecule.yml @@ -29,7 +29,7 @@ platforms: network_name: private_network type: static config_options: - synced_folder: True + synced_folder: true - name: ldap-server box: debian/contrib-buster64 diff --git a/roles/mail_server/molecule/default/tests/test_optional.py b/roles/mail_server/molecule/default/tests/test_optional.py index a0cb6768fcedbf1bf4b9334610dd5a6da4b41838..268120e1d6a80124963eee0806b16cad3fe188ec 100644 --- a/roles/mail_server/molecule/default/tests/test_optional.py +++ b/roles/mail_server/molecule/default/tests/test_optional.py 
@@ -208,3 +208,26 @@ def test_mail_message_size_limit(host): mail_message_size_limit = capabilities.stdout[begin:end] assert mail_message_size_limit == "250-SIZE 20480001" + + +def test_smtp_additional_configuration_present_in_file(host): + """ + Tests if additional SMTP server configuration has been applied + against the configuration file. + """ + + config = host.file("/etc/postfix/main.cf") + + assert "smtpd_banner = $myhostname ESMTP My SMTP Server" in config.content_string + assert "smtp_skip_5xx_greeting = no" in config.content_string + + +def test_smtp_additional_configuration_active(host): + """ + Tests if additional SMTP server configuration has been applied + against the running server. + """ + + command = host.run('swaks --quit-after BANNER --to root@localhost') + + assert "ESMTP My SMTP Server" in command.stdout diff --git a/roles/mail_server/templates/main.cf.j2 b/roles/mail_server/templates/main.cf.j2 index 57f2fe092d0c7d9f73bf62f9234e845d331f9f13..752b2a60607124033448dc8f148f132953ae7fdc 100644 --- a/roles/mail_server/templates/main.cf.j2 +++ b/roles/mail_server/templates/main.cf.j2 @@ -98,3 +98,5 @@ smtp_host_lookup = dns, native # Explicitly set maximum allowed mail size that should be accepted. message_size_limit = {{ mail_message_size_limit }} + +{{ mail_server_smtp_additional_configuration }}
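Review bot: Both assertions in `test_smtp_additional_configuration_present_in_file` are plain substring matches on `/etc/postfix/main.cf`, so they would still pass if a directive ended up inside a comment or were overridden by another definition, and they say nothing about the value Postfix actually resolved. Asking Postfix for the effective value is a stronger check, for example `assert host.run("postconf -h smtp_skip_5xx_greeting").stdout.strip() == "no"`. In `test_smtp_additional_configuration_active` the `swaks` exit status is never inspected. Adding `assert command.rc == 0` before the banner assertion (assuming swaks exits 0 on the `--quit-after BANNER` path) would distinguish a connection failure from a wrong banner.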
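Review bot: The value is rendered verbatim as the last thing in `main.cf`, and Postfix keeps the last definition of a parameter. Anything set here therefore silently replaces role-managed settings earlier in the file, such as those driven by `mail_server_tls_protocols` and `smtp_allow_relay_from` (assuming they are rendered above in this template). That may be the intent, but neither the template nor the new role reference entry says so; I would state the precedence in `docs/rolereference.rst` and mark the block in the rendered file with a comment such as `# Directives from mail_server_smtp_additional_configuration; these override settings above.`. With the default of `""` the hunk also appends an empty trailing line, which an `{% if mail_server_smtp_additional_configuration %}` guard would avoid. Nothing in the visible hunks validates the rendered file before Postfix picks it up, so it is worth confirming that a typo in this value is caught before the reload rather than at runtime.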